Google has noticed a disturbing uptick in state-sponsored hackers pretending to be journalists in their email phishing schemes.

On Thursday, the company shared new findings on how government-backed attackers have been trying to target Google users in recent months. “Upon reviewing phishing attempts since the beginning of this year, we’ve seen a rising number of attackers, including those from Iran and North Korea, impersonating news outlets or journalists,” wrote Google security engineering manager Toni Gidwani in the post.

In some cases, the attackers will pretend to be a journalist in an effort to trick contacted reporters into spreading misinformation. Other cases have involved the state-sponsored hackers using several benign emails to build up a rapport with a journalist or foreign policy expert before sending another email that contains a malicious attachment.

Figure: Distribution of the targets of government-backed phishing in 2019.

Google refrained from offering more specifics. But Gidwani added: “Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks.”

Last month, security researchers also noticed a group of Iranian hackers were posing as a former Wall Street Journal reporter to trick victims into handing over their passwords. The attack worked by emailing the victim a link to a fake Wall Street Journal login page that’s designed to fool the user into signing in with their Google account. In reality, the page will collect that login information and ferry it away to the hackers.

According to Gidwani, state-sponsored hackers can often strike more than once when trying to target a Google user. “In 2019, one in five accounts that received a warning was targeted multiple times by attackers. If at first the attacker does not succeed, they’ll try again using a different lure, different account, or trying to compromise an associate of their target,” she wrote.

Fortunately, Google has come up with a solution to stymie the hackers. In 2017, the company rolled out its Advanced Protection Program, which is designed to fend off the sneakiest phishing attacks. On Thursday, Gidwani said the program is working.

“We’ve yet to see people successfully phished if they participate in Google’s Advanced Protection Program (APP), even if they are repeatedly targeted,” she added. “APP provides the strongest protections available against phishing and account hijacking and is specifically designed for the highest-risk accounts.”

Another piece of good news is that Google last year sent 25 percent fewer warnings to users about government-backed phishing attempts compared to 2018. “One reason for this decline is that our new protections are working—attackers' efforts have been slowed down and they’re more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt,” Gidwani added.

Anyone can sign up for Google's Advanced Protection Program for free. In the past you had to own hardware-based security keys to access the program. But in January, the company opened the security suite to consumers who only possess a smartphone.
