Government-backed attackers may be trying to steal your password

​About this warning​

We regularly receive reports from users as well as from our own signaling systems that monitor for suspicious login attempts and other activity. It's likely that you received emails containing harmful attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information.

For example, attackers have been known to send damaging PDF files, Office documents, or RAR files. 
To protect users going forward, we can't share details about precisely when or how we detected specific attacks. Google’s internal systems have not been compromised. 

The Gmail warning includes personalized guidance to improve your security, based on your current account and browser settings. It will reappear after a short time to help remind you to take the recommended steps toward a more secure account. You can then switch off the warning; if it is shown again after weeks or months, it is because we detected new activity against your account.

Secure your account

Google’s Security Checkup will walk you through a series of steps to limit any damage to your account. To get a step ahead of attackers, take these extra steps to better secure your account and computer:

• Enrol in the Advanced Protection programme. This protects you against common ways in which people hijack your account, such as getting your emails, documents, contacts and other personal information.
• Always use up-to-date software. This includes your Internet browser, operating system, plug-ins and document editors. Consider switching to the Chrome browser, whose auto-updating security feature reduces the risk of running out-of-date software. It can also safely open PDF documents.
• Enable 2-step verification in Gmail.This feature sends a second password to your phone, giving you an extra layer of security that has been successful in protecting against some attacks.
• Install Google Authenticator. If you've enabled 2-step verification, we strongly recommend also installing the Authenticator app to receive codes when you don't have an Internet connection or mobile service.
• Set up a Security Key in Gmail. These physical keys, which fit into a USB slot and can also work over Bluetooth or NFC, provide the strongest form of 2-step verification to protect your account from hijackers. A basic model is reasonably priced and can be used for more websites than Gmail only.
• Install Password Alert in Chrome. This open-source Chrome extension tries to alert you immediately if you reuse your password or enter it on a fake login page.
• Remove unwanted pop-ups and other malware. If you keep seeing pop-ups, ads that you don't recognise or a homepage that you didn't set, you might have an unwanted programme, known as malware, on your computer. To remove malware and protect your browser, follow these anti-malware tips.