Google improves Gmail phishing, forgery detection

Four weeks after 1 million Gmail users were stung by a Google Docs phishing scam, Google said it has added a new machine learning new algorithm that flags and delays potentially suspicious messages.

“We’re continuing to improve spam detection accuracy with early phishing detection, a dedicated machine learning model that selectively delays messages (less than 0.05 percent of messages on average) to perform rigorous phishing analysis and further protect user data from compromise,” Andy Wen of Google’s Counter Abuse Technology group, said in a blog Wednesday.

The new capability, included in the latest Gmail release, will be welcomed by CISOs who use the business version of Gmail for corporate communications. Phishing is a big worry for infosec pros because it is one of the main ways attackers gain access to the network. According to the Anti-Phishing Working Group, an industry association, the total number of phishing attacks in 2016 was 1,220,523, a 65 per cent increase over 2015. In the fourth quarter of 2016 there were an average of 92,564 phishing attacks per month.

The new detection capability integrates with Google Safe Browsing, a separate technology for finding and flagging phishy and suspicious URLs.

The latest Gmail release also adds the ability to warn corporate G Suite users when responding to emails sent from outside of their domain and not in their contacts. “This feature can give enterprises protection against forged email messages, impersonation, as well as common user-error when sending mail to the wrong contacts,” says the company.

Gmail Security - GIF

Earlier in May, Google had to disable certain accounts and remove phony pages and malicious applications involved in the Google Docs phishing scam. The company estimated 0,1 per cent of its users — which works out to roughly 1 million accounts — were victimized.

Threatpost said the email messages, asking to share a Google Doc with the recipient, “were a convincing mix of social engineering and abuse of users’ trust in the convenience of mechanisms that share account access with third parties.”

The messages came from stolen contact lists. Once the “Open in Docs” button in the email was clicked, the victim was redirected to a legitimate Google OAUTH consent screen where the attacker’s application, called “Google Docs” asks for access to victim’s Gmail and contacts through Google’s OAUTH2 service implementation.

Meanwhile this week Israeli anti email phishing solution provider IronScales released a report suggesting that spear phishing targeted people is becoming more common.

After looking at data from 100 of its corporate customers covering 500,000 customers, the vendor concluded 77 per cent of attacks targeted 10 mailboxes or less. One third of attacks were aimed at one mailbox.

What it calls “hyper-personalized targeting” has proven effective. Apparently the strategy is the fewer malicious messages the fewer alarms are set off. Short campaigns area allegedly beating traditional spam filters, IronScales says.


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now