Google says it will give 10 thousand free security keys to high-risk users in phishing attacks
Google will give 10 thousand free security keys to high-risk individuals in government-backed phishing campaigns. Shane Huntley from Google’s Threat Analysis Group in a Twitter thread noted that Google has sent a batch of government-backed security warnings to potential high-risk users. As per IANS, the state-sponsored phishing campaign is the handiwork of Russian group APT28 (or Fancy Bear), said to be made up of operatives of Russia’s GRU intelligence agency.
Huntley came out with the warning after more than 14,000 Gmail users noted that they may have been targeted in a state-sponsored phishing campaign. Huntley elaborated on the government-backed security warnings that were sent from Google’s team to some users. He was addressing the likes of activists, journalists and government officials. He noted that the government (presumably the US government) at some point will try to send its users something. “These warnings indicate targeting not compromise. If we are warning you there’s a very high chance we blocked. The increased numbers this month come from a small number of widely targeted campaigns which were blocked,” he tweeted.
“If you are an activist/journalist/government official or work in [national security], this warning honestly shouldn’t be a surprise. At some point some [government] backed entity probably will try to send you something,” Huntley tweeted. “What we see over and over again is that much of the initial targeting of government-backed threats is blockable with good security basics like security keys, patching, and awareness, so that’s why we warn,” he added.
Google in a blog post had noted that one of the main threats to all email users is phishing, which attempts to trick users into providing a password that an attacker can use to sign in to your account. Google had noted that its improving technology had enabled it to significantly decrease the volume of phishing emails that get through to our users. Google has since worked on automated protections, account security (like security keys), and specialized warnings that give Gmail users security.
In related news, Google will automatically enable two-step verification for users by the end of 2021. Two-step verification will be automatically done for appropriately configured accounts and users will be required to sign in with a single tap on their mobile devices to confirm it is them. Google aims to make signing in seamless with the two-step verification process. Google noted that as of now, it is auto-enrolling Google accounts that have backup mechanisms to transition seamlessly to two-step verification. Users can check their security checkup by going to https://myaccount.google.com/security-checkup/3?pli=1