Four weeks after 1 million Gmail users were stung by a Google Docs phishing scam, Google said it has added a new machine learning algorithm that flags and delays potentially suspicious messages.
“We’re continuing to improve spam detection accuracy with early phishing detection, a dedicated machine learning model that selectively delays messages (less than 0.05 percent of messages on average) to perform rigorous phishing analysis and further protect user data from compromise,” Andy Wen of Google’s Counter Abuse Technology group said in a blog post Wednesday.
The new capability, included in the latest Gmail release, will be welcomed by CISOs who use the business version of Gmail for corporate communications. Phishing is a big worry for infosec pros because it is one of the main ways attackers gain access to the network. According to the Anti-Phishing Working Group, an industry association, the total number of phishing attacks in 2016 was 1,220,523, a 65 per cent increase over 2015. In the fourth quarter of 2016 there were an average of 92,564 phishing attacks per month.
The new detection capability integrates with Google Safe Browsing, a separate technology for finding and flagging phishy and suspicious URLs.
The latest Gmail release also adds the ability to warn corporate G Suite users when responding to emails sent from outside of their domain and not in their contacts. “This feature can give enterprises protection against forged email messages, impersonation, as well as common user-error when sending mail to the wrong contacts,” says the company.
Earlier in May, Google had to disable certain accounts and remove phony pages and malicious applications involved in the Google Docs phishing scam. The company estimated 0.1 per cent of its users — which works out to roughly 1 million accounts — were victimized.
Threatpost said the email messages, asking to share a Google Doc with the recipient, “were a convincing mix of social engineering and abuse of users’ trust in the convenience of mechanisms that share account access with third parties.”
The messages came from stolen contact lists. Once the “Open in Docs” button in the email was clicked, the victim was redirected to a legitimate Google OAuth consent screen where the attacker’s application, called “Google Docs,” asked for access to the victim’s Gmail and contacts through Google’s OAuth2 service implementation.
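A defender-side check for the consent abuse described above, as an added example that is not from the original article or from Google: it audits OAuth grant records for untrusted apps that present a Google product name while holding mail or contacts scopes. The record fields, client IDs, protected-name list and sample data are constructed assumptions, and the name normalization goes slightly beyond the case in the article so that lookalike spellings are caught too.

```python
import unicodedata

# Real Google OAuth scopes that grant mail or contacts access.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
}
# Assumed list of product names a third-party app should not present as its own.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
TRUSTED_CLIENT_IDS = {"approved-client.example"}  # placeholder: IDs the org has verified

def normalize(name):
    """Fold compatibility characters, case and whitespace so lookalike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def review_grant(grant):
    """Return the reasons a grant deserves review; an empty list means no finding."""
    if grant["client_id"] in TRUSTED_CLIENT_IDS:
        return []
    reasons = []
    if normalize(grant["display_name"]) in PROTECTED_NAMES:
        reasons.append("untrusted app presents a protected product name")
    hits = sorted(SENSITIVE_SCOPES.intersection(grant["scopes"]))
    if hits:
        reasons.append("requests sensitive scopes: " + ", ".join(hits))
    return reasons

def audit(grants):
    """Map user -> [(client_id, reasons)] for grants that spoof a name AND hold sensitive scopes."""
    findings = {}
    for g in grants:
        reasons = review_grant(g)
        if len(reasons) == 2:
            findings.setdefault(g["user"], []).append((g["client_id"], reasons))
    return findings

# Constructed sample records; field names are hypothetical, not a real API response.
SAMPLE_GRANTS = [
    {"user": "alice", "client_id": "unknown-1.example", "display_name": "Google Docs",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob", "client_id": "approved-client.example", "display_name": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/drive.file"]},
    {"user": "carol", "client_id": "unknown-2.example", "display_name": "Team Calendar Helper",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"user": "dave", "client_id": "unknown-3.example", "display_name": "\uff27oogle  Docs",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
]
```

Calling `audit(SAMPLE_GRANTS)` returns findings for alice and dave only; the approved client and the unrelated calendar app are not reported.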
Meanwhile, this week Israeli anti-email-phishing solution provider IronScales released a report suggesting that spear phishing of targeted people is becoming more common.
After looking at data from 100 of its corporate customers covering 500,000 customers, the vendor concluded 77 per cent of attacks targeted 10 mailboxes or fewer. One third of attacks were aimed at one mailbox.
What it calls “hyper-personalized targeting” has proven effective. Apparently the strategy is that the fewer malicious messages are sent, the fewer alarms are set off. Short campaigns are allegedly beating traditional spam filters, IronScales says.