In ongoing phishing fight, Google to delay delivery of suspicious messages to enterprise Gmail customers

How well Google protects its business customers impacts all of us - whether we have personally chosen to be users of Google's services or not.

Millions of businesses around the world rely upon Google’s G Suite (formerly known as “Google Apps for Work”) to provide them with the enterprise editions of Gmail, Docs, Drive and Calendar used by hundreds of millions of consumers.

But, of course, when a large number of companies use the same technology it can make them an attractive target for cybercriminals, hell-bent on breaking into corporate accounts and stealing data and login credentials.

In short, how well Google protects its business customers impacts all of us – whether we have personally chosen to be users of Google’s services or not.

So I was pleased to see the internet giant announce a number of security updates, designed to better protect corporate users of Gmail.

The hardened defences could not be more timely.

A week ago, Citizen Lab warned of a phishing campaign, allegedly launched by pro-Russian hackers against high-profile members of 28 governments, the United Nations and NATO. Other targets have included prominent journalists, academics, opposition figures, and activists.

One victim of the attack was David Satter, a veteran journalist and author on Russia and the former Soviet Union. Satter’s Gmail account was successfully phished in October 2016, according to the Citizen Lab report, after he unwittingly responded to a bogus security alert which pretended to come from Google.

A similar technique, of course, was used against John Podesta – chairman of Hillary Clinton’s ultimately unsuccessful campaign to become President of the United States. Podesta’s email correspondence was subsequently published online on WikiLeaks for anyone in the world to read.

So, what are Google’s new enhanced security mechanisms?

First up, Google plans to improve the detection of phishing emails targeting enterprise Gmail users by selectively delaying messages. Delayed messages will be analysed for phishing characteristics more rigorously, the company claims, to better protect user data.

Google says that as a consequence some messages (“less than 0.05 percent of messages on average”) will be delayed from arriving in your inbox by up to four minutes during that more detailed analysis.

Will four minutes’ delay on suspicious emails severely impact your business? I think most of us would have to admit that that wouldn’t be the end of the world – particularly when you consider that it may make the difference between having your corporate email account compromised or not.

The feature, sensibly in my view, will be enabled by default – but G Suite administrators will be able to turn it off.

Secondly, Google is rolling out an on-screen warning which could be particularly useful for firms who may be targeted by business email compromise attacks that attempt to steal data.

Here is how Google is describing the feature:

Gmail now displays unintended external reply warnings to users to help prevent data loss. Now, if you try to respond to someone outside of your company domain, you’ll receive a quick warning to make sure you intended to send that email. And because Gmail has contextual intelligence, it knows if the recipient is an existing contact or someone you interact with regularly, to avoid displaying warnings unnecessarily.

Even if your company isn’t being targeted by an external attacker, it’s easy to imagine how a last-minute on-screen warning might stop one of your company’s users from accidentally sending sensitive information to an external email address.

Again, the feature is enabled by default – with the option available for G Suite administrators to disable it if required.

Google’s improvements to Gmail don’t, of course, negate the need for organisations to continue to protect themselves with a layered defence. But if they make life at all harder for the online criminals targeting Google’s business customers that surely is good news for all of us.
