Government-backed or sophisticated attacker alerts
If we showed you this warning, we believe that a government-backed or sophisticated attacker may be interested in your account.
What does this mean?
Our security teams and automated systems constantly look for signals of malicious activity like suspicious login attempts and other behaviors that might be a result of people’s accounts being targeted by sophisticated attackers. While there is a chance that this is a false alarm, we want to alert you of our suspicion so that you can take precautionary steps to protect your accounts.
To protect our ability to detect malicious attempts like these and avoid tipping off the threat actors, we don't share how we detect them because we know they might try to change their tactics to evade being caught.
What are these government-backed or sophisticated attacks after?
While it’s not possible for us to know why someone might be targeted, we’ve seen sophisticated or government-backed actors target people to learn more about their activity online and offline and manipulate them into compromising their devices and online accounts. In many cases, they target people like journalists, activists, government officials, outspoken government critics, academics and non-profit organizations.
How might they target me?
For example, these actors might pose as someone you know or want to connect with – like a recruiter working in your industry – to trick you into befriending and communicating with them, sharing sensitive information, downloading malicious files, or clicking on malicious links designed to steal your passwords or other information. They might also be passively researching information about you to learn more about your online and offline activity.
Our security alerts are meant to provide you with tailored guidance specific to the threat we detected, including any attempts by attackers to directly contact you, send you malicious links, or get you to interact with their content.
What should I do now?
If you received these alerts, please follow the guidance we provided in our notice. In most cases, we recommend navigating to our Security Checkup tool
and following the following security tips to help protect your account:
1.
Reset and strengthen your password. Do not reuse your password across multiple online services. Password managers can be a great help in coming up with complex passwords and keeping them unique and safe.
2.
Enroll in two-factor authentication to add an extra security layer to your account. This feature allows you to guard against a range of potential attacks.
3.
Turn on log-in alerts so you always know if someone is trying to gain access to your account.
4.
Review your logged-in sessions and ensure you recognize which devices have access to your account.
5.
Remove malware from your device using a trusted antivirus scanner. Signs of malware could include a sudden onset of strange pop-ups, a new homepage that you didn’t set, or new apps that you didn’t download.
6.
Strengthen your privacy settings
by reviewing who can see what you share and who you are friends with.
Here are additional tips and steps to secure your account
.
