Google’s security team has revealed in a blog post that it has discovered a phishing scam aimed at collecting Gmail user passwords and email contents. The company has notified victims of the attack as well as the proper government authorities. Google’s Engineering Director Eric Grosse explains:
This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.
Email messages would target users with a ‘View Download’ link that then launched a fake login screen which would collect the victim’s password. In response to this announcement, Whitehouse spokeman Tommy Vietor commented:
We’re looking into these reports and are seeking to gather the facts … We have no reason to believe that any U.S. government email accounts were accessed.
As you may no doubt recall, Google was the victim of a sophisticated attack from China back in 2009. That particular breach was subsequently tied to a pair of schools, one of which was located in Jinan.