Government-backed cyberspies are always looking for a way to gain access to people’s sensitive information. One of their favorite targets is their Google account, since so many people store information there. And even if they don’t, a Google account can be a critical access point to sensitive information stored elsewhere.

So, what technique do you suppose these cyberspies prefer when it comes to hacking someone’s Google account? Is it a brute force password attack? How about a SQL injection attack? Man-in-the-middle attack? Nope. None of them.

When a cyberspy wants to gain access to a Google account, they use the trusted old phishing attack. More than 90% of the time. That’s right. When the most sophisticated hackers in the world want access to your Google account, they’ll send you a phishing email because they know it works.

How bad is this problem? From PC Magazine, “From July to September, the company sent out more than 12,000 warnings to users across the globe that government-backed attackers were trying to break into their Google accounts through phishing scams.”

What countries are most at risk for these kinds of attacks?

Of course the US, but also Pakistan, South Korea, and Vietnam.

The surprising aspect of these attacks is how ordinary they are. The attackers set up a fake Google page and suggest the email recipients do a password reset. By itself, there’s nothing particularly clever about this approach. However, what does make it challenging, “is how it can bypass Google’s two-factor authentication, a safeguard that requires anyone logging on to also supply a one-time passcode generated from their smartphone.”

“In total, Google has said in the past it encounters about 100 million phishing messages per day. So the attacks from the state-sponsored hackers only represent a small slice.”

The good news, if there is any, is that these state-sponsored cyberattacks are easily thwarted by modern phishing protection software like that from Phish Protection.

Modern phishing protection software doesn’t care where the phishing email came from or who’s behind it. If it contains malicious content, or if it contains a link to a malicious website, phishing protection software with real-time link click protection keeps you from falling victim to these scams.

Cloud-based Phish Protection requires no hardware, software or maintenance. It sets up in 10 minutes, comes with 24/7 live technical support and only costs pennies per users per month. Put an end to state-sponsored cyber attacks by letting Phish Protection put them out of business.