Google Sent 12K Nation-State Phishing Warnings In Three Months


Google's Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish gmail users over just a three-month period earlier this year, they reported.

TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog post, you can see that most were located in the US, South Korea, Pakistan and Vietnam.

“Over 90% of these users were targeted via ‘credential phishing emails’ ... attempts to obtain the target’s password or other account credentials to hijack their account,” he added.

“We encourage high-risk users — like journalists, human rights activists, and political campaigns — to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts.”

Google's TAG tracks over 270 targeted and government-backed threat groups across 50+ countries in an attempt to detect a variety of dodgy activities like intel collection, IP theft, targeting of dissidents and activists, destructive cyber-attacks, and spreading coordinated disinformation.

He also detailed efforts to detect and remove coordinated influence operations by Russian state hackers in Africa using “inauthentic news outlets to disseminate messages promoting Russian interests in Africa.” A total of 15 YouTube channels were removed as a result.

Stepping high-risk users through new-school security awareness training is something that KnowBe4 would like to add as an absolute necessity as part of any organization's defense-in-depth strategy.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews