Fix or stop government-backed attack alerts

Tip: If you’re using your personal Google Account, learn how to protect it from government-backed attackers.

As an administrator for your organization, you’ll get an email if a user is detected as a possible victim of a government-backed attack. Learn more about email alerts

What is a government-backed attack alert? 

We send the alert to let you know that we believe government-backed attackers are trying to access the account of one of your users. An attack happens to less than 0.1% of all Google Account users.

There's a chance the alert is a false alarm. However, we believe we detected activities that government-backed attackers use to try to steal a password or other personal information. Such activity includes the user receiving an email containing a harmful attachment, links to malicious software downloads, or links to fake websites that are designed to access passwords.

We can’t reveal what tipped us off because the attackers will take note and change their tactics. If they're successful, they could access data or take other actions using the user's account. You should take steps to secure the user's account from the attack. 

Secure the user's account

  1. Reset the password of any account with suspicious activity. 
  2. We recommend adding and enrolling the user in 2-Step Verification.
  3. Ask the user to take additional steps to secure their account.

For more information on protecting your G Suite or Cloud Identity account, see Use settings to improve security or  Identify and secure compromised accounts (G Suite only). 

Was this article helpful?
How can we improve it?