New Delhi: Google has sent nearly 12,000 warnings to its users globally, including over 500 in India, against phishing attacks by the government in the third quarter (July to September) of the fiscal year 2019-20.
A recent report published by the leading search engine operator Google stated that the company has been sending consistent warnings to users in 149 countries that were targetted by “government-back attackers”.
“We’ve had a long-standing policy to send users warnings if we detect that they are the subject of state-sponsored phishing attempts, and have posted periodically about these before,” Shane Huntley from Google’s Threat Analysis Group wrote in a recent blog post.
The report by Google did not specify whether the attacks come from government sources or the country’s citizens, or other countries’ citizens. However, it did specify that the attempts are to obtain a target’s password or account credentials in order to hijack their account.
Over 90 per cent of these users were targeted via “credential phishing emails”, Google stated.
In a typical case, an attacker sends a masquerading email with a security alert lure from “Goolge” asking the user to secure their account. The user clicks the link, enters their password, and enters the security code asked if they have two-factor authentication enabled, allowing the attacker to access their account.
Some of such concerted campaigns have already been discovered in Russia and South Korea, Google stated further.
“We encourage high-risk users – like journalists, human rights activists, and political campaigns – to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts,” Huntley wrote in the blog post.
The report by Google comes at a time when the social media and messaging giant WhatsApp was exposed with a flaw that used Israeli spyware called Pegasus to target journalists and human rights activists around the globe, including at least 121 people in India.
“In the past, we’ve posted on issues like phishing campaigns, vulnerabilities, and disinformation. Going forward, we’ll share more technical details and data about the threats we detect and how we counter them to advance the broader digital security discussion,” Huntley said.