IT Security & Network Security News & Reviews: Gmail Security Tips to Follow in Wake of China Phishing Attack
For the second time in a span of 18 months, hackers believed to have originated from China cracked into the accounts of Google's Gmail users. The first intrusion, uncovered in January 2010, involved a breach of Google's cloud computing infrastructure to gain access to the Gmail accounts of Chinese dissidents and human rights activists. This time around, Google discovered a tricky phishing scam that led hundreds of U.S. White House officials, Chinese political activists, officials in several Asian countries and others to cough up their Gmail passwords. The bad actors, believed to have operated from Jinan, China, were then able to read and forward these victims' email messages. That is, until Google detected the scam with the help of independent security expert Mila Parkour. After halting the illicit email monitoring, Google secured the accounts of those targeted and notified them along with the government authorities whose staff member accounts were compromised. While Google derailed attackers' information-gathering efforts, Gmail and its 200 million-plus users remain a juicy target. Fortunately, Gmail users can be more alert and proactive about protecting their accounts. It starts with checking for unusual email account activity, but users may also elect to take advantage of Google's easy two-step verification process. eWEEK walks through those steps in this slide show.