Security

Google makes Gmail safer with new security warnings to fight phishing

On Wednesday, Google announced security warnings that display if an email sender is authenticated, in its latest initiative to welcome business users to the app platform.

screen-shot-2016-08-11-at-10-13-39-am.png

Google's new security warnings will display if an email sender is authenticated.

Image: Google

Google continues to make its Google Apps suite more business-friendly, with new security warnings added to Gmail to keep emails safer from phishing and other threats.

The warnings, announced Wednesday, will impact Gmail use on the web or Android. If an email sender cannot be authenticated, Gmail will display a question mark in place of the sender's profile photo, corporate logo, or avatar.

Users are authenticated with either Sender Policy Framework (SPF) records, or DomainKeys Identified Mail (DKIM), a digital signature on outgoing messages that uses a private domain key to encrypt your domain's outgoing mail headers.

If you receive a message with a link to a site known for phishing, malware, or Unwanted Software, you'll see a warning when you click on the link—an extension of the Safe Browsing protection already available on most browsers. The page that pops up will say: "Warning—visiting this web site may harm your computer!" The user will then be presented with the option to continue to the site, or learn more about the problems found as well as more information about keeping your computer safe.

SEE: 5 tips for managing multiple Google accounts

The security update should help combat email-spoofing that is frequently used in phishing attacks, and the scam known as business email compromise that has cost companies more than $3.1 billion since October 2013, according to the FBI.

Gmail users were previously able to check whether an email was authenticated by opening the message and clicking the down arrow next to the sender's name. If it was authenticated, the message would display a "signed-by" header with the sending domain, and a "mailed-by" header with the domain name. The new update makes this information easier for users to see.

"Malware and phishing continue to be the bane of email users," said Gartner analyst Mark Hung. "Although Google's new security warnings don't break any new ground from a technology perspective, they serve to help unsuspecting users from malicious attacks."

Welcoming the enterprise

The new warnings mark yet another effort by Google to aid all users, including businesses—a wise move as Google Apps gain more customers in the enterprise. Email security is a concern for many consumers, but is a crucial issue for corporations. If Google wants to hold onto its business users, and increase its audience, it must keep making safety improvements such as these.

In 2014, Google announced a Chrome extension called End-to-End, which provides an easier way for two independent providers to maintain end-to-end encryption of emails. That year it also launched Inbox, a multi-platform app that threads emails into chronological chunks and categorizes them.

Additionally, Google recently promoted Google+ from an "additional Google service" to a "core service" for Google Apps for Work customers, joining the other core services of Calendar, Contacts, Drive, Gmail, Google Talk/Hangouts, Groups for Business, and Sites. The company calls Google+ "a social network designed for business," and highlights how it makes it easier to communicate with other employees and customers.

On Tuesday, Google integrated Trello and GitHub project updates into Inbox as well. That day, the company was also awarded a patent for a video conferencing drone, which could dramatically change the conference call experience if pursued.

The company is also currently working to bring HTTP Strict Transport Security (HSTS) to google.com to strengthen its data encryption and protect against eavesdroppers, man-in-the-middle attacks, and hijackers who attempt to spoof a trusted website.

The 3 big takeaways for TechRepublic readers

  1. On Wednesday, Google announced new security warnings for Gmail to keep emails safer from phishing and threats.
  2. If an email sender cannot be authenticated, Gmail will display a question mark in place of the sender's profile photo, corporate logo, or avatar. This information was previously available with a few clicks, but now it will be more obvious for the end user.
  3. The update is the latest Google initiative to make the platform better for enterprise users, along with email encryption efforts and the elevation of Google+ to a core service for Google Apps for Work customers, among other programs.

Also see

About Alison DeNisco Rayome

Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.

Editor's Picks

Free Newsletters, In your Inbox