GOOGLE has warned of a cyber attack spearheaded by Russian hackers that targeted users of Gmail.
In a report published Monday, the US search giant said that the campaign aimed to steal people’s login credentials using phoney emails sent to their inboxes.
The attack took aim at more than 12,000 Gmail accounts but the malicious messages were stopped by Google before they could do any damage.
The firm described the scheme in its first “threat horizon” report – a rundown of what cyber crooks are up to penned by Google’s Cybersecurity Action Team.
It’s the latest in a series of attacks carried out by “Fancy Bear”, a prominent group of hackers backed by the Russian government.
“Fancy Bear … was observed at the end of September sending a large-scale attack to approximately 12K+ Gmail accounts,” researchers wrote.
“Google blocked these messages and no users were compromised.”
Attackers pinched people’s logins using a phishing email, an attack in which cybercriminals trick victims into handing over sensitive information.
The email’s subject line typically included the phrase “critical security alert” and was dressed up to look like it was from Google.
The message read: “There’s a chance this is a false alarm, but we believe that
government-backed attackers may be trying to trick you to get your Account
“We can’t reveal what tipped us off because these attackers will
adapt, but this happens to less than 0.1 per cent of all users.
“If they succeed, they can spy on you, access your data, or take other actions using your account. We recommend change you password.”
Targets were encouraged to click a link to change their password that took them through to a malicious website operated by the hackers.
The website looked like a Gmail login page, and once the mark typed in their credentials, the Russian crooks had what they wanted.
The emails were unsuccessfully sent to accounts around the globe, according to Google’s team.
“Highly targeted regions for this particular campaign include the United States, United Kingdom, and India,” they wrote.
“Other noteworthy regions include Canada, Russia, Brazil, and members of the European Union.”
Fancy Bear is believed to part of a military unit working for Russia’s top intelligence agency GRU.
They carry out state-sponsored hacking campaigns of high-profile targets such as political figures and activists.
Fancy Bear, also known as Strontium, previously attempted to cause chaos in the 2016 US presidential election.
The hackers broke into the Democratic National Committee and Hillary Clinton’s campaign.
To avoid phishing attacks, experts advise not to click links from people you don’t know and to avoid giving your information to an unsecured site.
Look out for bad spelling and suspicious links or attachments, as they’re classic signs of a scam message. Unusual email addresses are also a red flag.
If you’re unsure if a message or website is legitimate, it’s best to be on the safe side and avoid interacting with it.
In the UK, you can report a potential phishing message or scam website to the NCSC using the Suspicious Email Reporting Service (SERS).
In other news, Apple has announced that it will let customers fix their own iPhones for the first time starting next year.
The UK is fighting an epidemic of hack attacks targeting consumers and businesses, according to officials.
NASA has slammed Russia after a missile it fired into one of its own satellites forced the space station to perform an emergency swerve.
And, a 75-year-old Brit has told of his anger after scammers on WhatsApp fooled him into sending them hundreds of pounds.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]