To help keep Google Cloud systems and our customers safe, we work to ensure that our products are used in the intended manner and that our platform isn't misused or abused. As described in the Cloud Privacy Notice, we work to protect against the violations defined in the Terms of Service and Acceptable Use Policy.
Google Cloud has a dedicated team of engineers and security experts who work to protect our systems and customers. When Google becomes aware of abusive activity, we notify affected customers and take measures to help prevent future abuse. We strive to ensure that our interventions don't impact your critical work. For more information, see Project suspension guidelines.
This document describes what you can do if you receive a notification about abuse or misuse from us.
Respond to an abuse notification
If you receive an abuse notification or warning, you must promptly address or remedy any violations that are noted in the notification and review the Terms of Service and Acceptable Use Policy.
You can check your Google Cloud abuse logs and troubleshoot your environment using the diagnostic tools that are part of Google Cloud (such as Security Command Center).
The following table includes examples which describe how to remediate and respond to issues that might have caused an alert.
Example issue | Description |
---|---|
Potentially compromised service account credentials | An alert for detected leaked credentials indicates that your organization might have inadvertently published the specified service account credentials in public repositories or websites. To resolve this issue, complete the following:
To help protect your organization against compromised credentials, see Best practices to avoid compromised credentials. |
Potentially compromised API keys | An alert for detected compromised API keys indicates that your organization might have inadvertently published the affected API key in public repositories or websites. To resolve this issue, complete the following:
To help protect your organization against compromised credentials, see Best practices to avoid compromised credentials. |
Cryptomining | This alert indicates that a project is engaged in cryptocurrency mining. This issue is usually preceded by a compromise, such as a leaked service account credential, that grants a bad actor access to your cloud project. To resolve this issue, complete the following:
To help protect your organization against cryptocurrency mining attacks, see Best practices for protecting against cryptocurrency mining attacks. |
Malware or unwanted software | This alert indicates that your organization includes a project that hosts, distributes, or facilitates distribution of malware, unwanted software, or viruses. To resolve this issue, complete the following:
To help protect your organization against malware or unwanted software, see Best practices for mitigating ransomware attacks using Google Cloud. If your site has a red browser warning, it was identified by Google's Safe Browsing program as malicious. Safe Browsing operates separately from Google Cloud. You can submit a review request for the page using the Search Console. For more information, see Google Search Console, and Get started with Search Console. |
Phishing | This alert indicates that phishing or deceptive social engineering content was published from your Google Cloud project. Hackers might try to take control of your site and use it to host deceptive content. To resolve this issue, complete the following:
If your site has a red browser warning, it was identified by Google's Safe Browsing program as malicious. Safe Browsing operates separately from Google Cloud. You can submit a review request for the page using the Search Console. For more information, see Google Search Console, and Get started with Search Console. |
If you cannot resolve the issue on your own, and you have a Cloud Customer Care package, contact Customer Care. You can also consult the Google Cloud Community Forum to help resolve issues.
Submit an appeal
You can submit an appeal to Google Cloud after you receive a warning or suspension notification and complete the remediation steps so that you can restore access to services.
To submit an appeal, in the Google Cloud console, select the project and access the Appeals page for the project. Ensure that your response includes the following:
- What caused the issue.
- The steps that you've taken to resolve the issue.
- Whether the behavior was intentional.
- Your billing account ID.
- Whether your project was compromised.
If you see an error message telling you that you don't have sufficient permission to access the page, verify that you're logged in as the project owner and have the appropriate IAM permissions to edit the project. If you're logged into multiple accounts, log out of all other accounts and try logging in again.
After you submit your appeal, Google Cloud reviews your appeal and responds back with a resolution and final disposition.
Report suspected abuse
If you believe that your Google Cloud services are being abused, report it immediately to Google Cloud Customer Care. To report an issue that isn't related to your services, use the Report suspected abuse on Google Cloud form.
Best practices to help protect yourself from abuse
To help protect yourself from abuse on Google Cloud, consider the following:
Use strong passwords and enable two-factor authentication for your Google Cloud accounts. For more information, see Manage identity and access.
Be careful about which third-party applications are granted access to your Google Cloud resources, and the authentication method they use. For more information about securing applications, see Use IAM securely and Authentication methods at Google.
Monitor third-party software to help ensure that your project doesn't become compromised by vulnerabilities in third-party software you have installed. For more information on security best practices, see the Securing instances section of the Cloud Security FAQ.
If your primary business is to host third-party content or services or facilitate the sale of goods and services between third parties, enforce compliance with the Google Cloud Acceptable Use Policy. Implement the following:
- Publish policies that define what content is prohibited on your platform.
- Maintain a reporting intake process (for example, a webform or email alias) to receive notices of illegal or abusive content (in addition to a monitored communication channel for Google).
- Promptly review and address any alerts, and remove content where appropriate.
Implement logging and detective controls and monitor your Google Cloud logs for suspicious activity. For more information, see the following:
Use Security Command Center to help identify vulnerabilities in your environment and remediate them.
Monitor the relevant Essential Contacts email addresses for your projects so that you know as soon as your project is warned. Make sure that email messages from
google-cloud-compliance@google.com
don't go to a spam folder.