Tip: If you’re using your personal Google Account, learn how to protect it from government-backed attackers.
As an administrator for your organization, you’ll receive an alert if a user is detected as a possible victim of a government-backed attack. For more details and instructions on viewing this alert in the alert center, see View alert details and Government-backed attack warning.
What is a government-backed attack alert?
We send the alert to let you know that we believe government-backed attackers are trying to access the account of one of your users. An attack happens to less than 0.1% of all Google Account users.
There's a chance the alert is a false alarm. However, we believe we detected activities that government-backed attackers use to try to steal a password or other personal information. Such activity includes the user receiving an email containing a harmful attachment, links to malicious software downloads, or links to fake websites that are designed to access passwords.
We can’t reveal what tipped us off because the attackers will take note and change their tactics. If they're successful, they could access data or take other actions using the user's account. You should take steps to secure the user's account from the attack.
Secure the user's account
- Reset the password of any account with suspicious activity.
- We recommend adding and enrolling the user in 2-Step Verification.
- Ask the user to take additional steps to secure their account.
For more information on protecting your Google Workspace or Cloud Identity account, see Use settings to improve security or Identify and secure compromised accounts ( Google Workspace only).