Although hackers are known for unleashing a host of malware to infiltrate critical networks and devices, phishing emails are their most effective attack method. This scam preys on the trust of computer users with seemingly innocuous emails that request for login credentials or prompt a file download. Unlike other attacks, phishing requires only a convincing email to evade antivirus detection. If you have Gmail on Android, however, Google has added new anti-phishing protections.
The new Gmail app feature uses Google’s Safe Browsing technology to examine billions of URL links per day and identify websites impersonating legitimate ones, like an online store, bank, or social media. It will then check whether these websites are embedded with malware or have elements of a phishing attack (e.g., asking for login credentials, private information, etc.).
If it has reasonable evidence to think that the website is indeed malicious, Gmail will display a warning prompt: “The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal, or other sensitive information.”
Keep in mind that Gmail may come up with false positives, and for this reason, Google does not completely block access to using a link but advises that you take extra caution if you choose to proceed.
The tech giant also reported this update is available only for Android users and will eventually reach other devices; so if you have an iOS, be extremely careful when interacting with any links in your Gmail accounts.
Safety for Gmail and Google Docs
In other news, a widespread phishing attack affected thousands of Gmail and Google Doc users earlier this month. The attack uses a spoofed email from a known contact attempting to share a ‘document.’ If opened, the fraudulent link redirects victims into an innocent-looking Google page that asks for account permissions. If users grant access, a worm collects your contact list and proceeds to attack other users. Fortunately, Google quickly responded to the scam, removed the fake pages, and updated anti-phishing detection to account for similar threats.
While Safe Browsing features are extremely helpful for Android Gmail users, they shouldn’t be a total substitute for good security awareness. Remember, phishing exploits human trust, so make sure to train your employees to have a healthy skepticism of every unsolicited link or file and download security updates whenever possible.
For more information and advice on security training or Android-related news, give us a call today. We’ll make sure your business is completely up to date with shifting mobile security trends and issues