What Google Is Now Doing to Secure Political Gmail Accounts

NEWS ANALYSIS: Phishing is one of the greatest risks to political campaigns in the United States and elsewhere, just as it’s a primary cause of breaches everywhere.


Google has been working with political campaigns in the United States and Europe to combat a series of threats, including phishing attacks, fake news, deep fakes such as manufactured videos and other methods of improper influence of the political process.

Phishing was a particular problem during the presidential campaign of 2016, when hackers used a phishing email to get Clinton campaign manager John Podesta’s Gmail credentials using a fake email that appeared to come from Google.

The Podesta phishing attack resulted in the theft of some 50,000 emails that were subsequently placed on Wikileaks. Russians working for the Internet Research Agency are suspected in that attack, just as they were instrumental in producing a wide range of fake news stories that ran on Facebook and that showed up in Google searches.

A story in the Washington Post revealed the existence of a major program at Google that is aimed at helping candidates and campaigns as well as news organizations prevent phishing attacks and flag fake news in all of its forms. This program initially was revealed to journalists during the Excellence in Journalism conference held in Baltimore in late September.

New Set of Tools for Protection, Fact Checking

Google is the email provider for the majority of political campaigns and candidates in the U.S. and elsewhere, so for this reason, the company has provided a set of tools that are intended to protect those email accounts as well as provide a means for campaigns and news organizations to perform fact checking to determine whether photos are faked and to protect their online accounts and their websites.

Notably, these tools are not restricted to election activities or to news organizations, although Google does provide free access to them for those groups. The premier program that’s part of Google’s effort is its Advanced Protection Program, which is designed to secure personal Google accounts, including email. Google aims this program, in its words, at “journalists, activists, business leaders and political campaign teams.”

Note that this service is for the personal accounts of these people, including business leaders, but there’s also a similar capability for Google’s G Suite. Since G Suite is widely used, this level of protection is widely available.

A key part of the Advanced Protection Program is Google’s two-factor authentication, which requires a USB key for use with computers that have USB ports, and a Bluetooth key for mobile devices. You use those keys when you log into your Google account. This means that even if someone gets your password, they still can’t get into your account.

May Have Protected Podesta in 2016 Campaign

The two-factor authentication and Google Password Alert would likely have prevented the theft of Podesta’s emails in 2016, and they also will prevent similar attacks by hackers, Russian or otherwise, from compromising Google accounts now. But for the password alert function, you need to add the function to Google Chrome, and you need to be using Chrome when you’re logging in to your account. The password alert will alert you when you use your Google login credentials at a non-Google site, including a phishing site.

While Google is focusing its attention on these tools as a way to secure the election process because of the impending mid-term elections, they’re available to anyone to use. You can buy the two-factor authentication keys from Google for $50 and set up advanced protection yourself. You can also use Google’s fact-checking tools to decide if the stories you see on Facebook are as bogus as they seem, or perhaps even more bogus than you’d imagined.

While Google is paying a great deal of attention to election security, it’s not the only company offering services to political campaigns as well as to other organizations. Area 1, for example, is offering its cloud-based anti-phishing service to organizations involved in the elections. This service can be used on a “pay-per-phish” basis, in which you pay only for each phishing email that’s caught. Smaller campaigns—and small businesses for that matter—may find that they can afford this protection on that basis.

While Google isn’t exactly a social media provider in the same way that Facebook or LinkedIn are, it’s still part of the social fabric, and it’s a major source for news regarding political activity. Of course, it’s also a primary communications provider to political campaigns as well as to many businesses.

A Major Service That Sets an Example

Because Google is working to get out in front of election interference, it’s performing a major service. In addition, Google has created a series of fact-checking and search tools and advanced search methods. You can even confirm that images that appear in news or social media stories are what they appear to be using Google’s reverse image search, which will let you see where an image actually appeared first. This is useful for unmasking fake news.

Unlike Facebook, which still seems to be struggling to deal with election-security threats, Google is taking some active measures. Whether they’re enough remains to be seen, but from what I’ve seen so far, it’s a huge improvement.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...