From Google security blog at https://security.googleblog.com/
Foreign governments using phishing attacks have been in the news lately. If you receive a warning about such from Gmail, it could well be genuine. You may wish to consider two-factor authentication on your account. There is also the Google Advanced Protection Program if you are a strategic target for such attackers.
One of the main threats to all email users is phishing, attempts to trick you into providing a password that an attacker can use to sign into your account.
Beyond phishing for the purposes of fraud, a small minority of users in all corners of the world are still targeted by sophisticated government-backed attackers. These attempts come from many countries. Since 2012, Google have shown prominent warnings within Gmail notifying users that they may be targets of these types of phishing attempts; we show thousands of these warnings every month, even if the specific attempt has been blocked.
Google intentionally send these notices in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defence strategies. Google have an expert team in their Threat Analysis Group, and use a variety of technologies to detect these attempts. Google also notify law enforcement about what they’re seeing; they have additional tools to investigate these attacks.
Even if you don’t receive such a warning, you may wish to consider enabling 2-step verification in Gmail. And if you think you’re at particular risk of government-backed phishing, consider enrolling in the Advanced Protection Program, which provides even stronger levels of security.
Do leave a comment on this post – click on the post title then scroll down to leave your comment.