Clear search
Close search
Google apps
Main menu

Your account could be at risk of government-backed attacks

About the security threat 

If you came to this page from a warning at that showed up when you signed in to Gmail, we believe that government-backed attackers may have tried to compromise your account or computer within approximately the last month.

We regularly receive reports from users as well as from our own signaling systems that monitor for suspicious login attempts and other activity. It's likely that you received emails containing harmful attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information.

For example, attackers have been known to send damaging PDF files, Office documents, or RAR files. 
To protect users going forward, we can't share details about precisely when or how we detected specific attacks. Google’s internal systems have not been compromised. 

The Gmail warning includes personalized guidance to improve your security, based on your current account and browser settings. It will reappear after a short time to help remind you to take the recommended steps toward a more secure account. You can then switch off the warning; if it is shown again after weeks or months, it is because we detected new activity against your account.

How to protect yourself

Google’s Security Checkup will walk you through a series of steps to limit any damage to your account. To get a step ahead of attackers, take these extra steps to better secure your account and computer:

  • Always use up-to-date software.  This includes your Internet browser, operating system, plugins, and document editors. Consider switching to the Chrome browser, whose auto-updating security feature reduces the risk of running out-of-date software. It can also safely open PDF documents.
  • Enable 2-step verification  in Gmail. This feature sends a second password to your phone, giving you an extra layer of security that has been successful in protecting against some attacks.
  • Set up a Security Key in Gmail. These physical keys, which fit into a USB slot and can also work over Bluetooth or NFC, provide the strongest form of 2-step verification to protect your account from hijackers. A basic model sells for under $20 USD and can be used for more websites than just Gmail.
  • Install Password Alert in Chrome. This free and open-source Chrome extension tries to alert you immediately if you reuse your password or enter it on a fake login page.


Vivian is a Gmail expert and the author of this help page. Leave her feedback about this help page.

Was this article helpful?
Watch video tutorials

To get the latest tips, tricks, and how-to's, subscribe to our YouTube Channel.