To be perfectly clear, this message doesn’t mean that a successful attack was made on your account. It simply means that you likely have messages in your inbox containing malicious links or attachments, that are intended to eventually capture your password and/or information.
Here’s a look at the warning. Perhaps you’ve seen it.
These messages get sent to us all the time, from all kinds of mean people on the internet, so why all the fuss from Google? Well, a manager at Google’s information security team, Mike Wiacek, told the NYT that they believe the latest round of attacks came from the Middle East, and thereabouts, among other foreign countries.
That whole “state-sponsored” bit escalates the matter to warning-worthy.
Essentially, be careful when opening suspicious messages and never click on a link or attachment from an untrusted source. This should keep you relatively safe. You can also head over to the Gmail Security Checklist page, and make sure you have crossed your T’s and dotted your I’s. A trip to Google’s general internet security page wouldn’t hurt either.
Another question you may be tossing around in the old noggin is how Google knows these are state-sponsored attacks.
In short, Google won’t tell us, as it’s a matter of security. The more details they give on their analysis, the less protection they (and we) have against future attacks. But VP of security engineering at Google Eric Grosse did say that “our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.”