TechAdvisory.org

Technology Advice for Small Businesses

New phishing protection for Gmail on Android

One of the most common ways hackers infiltrate networks is by using phishing scams — fraudulent emails to trick unwitting users into giving away login credentials or downloading malware. Although this is the oldest trick in a hacker’s arsenal, it’s still an incredibly effective attack method. To blunt the potency of these scams, Google released an anti-phishing feature for Gmail apps on Android devices. Read on below to find out how it works.

Phishing warnings
The new Gmail app feature uses Google’s Safe Browsing technology to examine billions of URL links per day and identify websites impersonating legitimate ones, like an online store, bank, or social media. It will then check whether these websites are embedded with malware or have elements of a phishing attack (e.g., asking for login credentials, private information, etc.).

If it has reasonable evidence to think that the website is indeed malicious, Gmail will display a warning prompt: “The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal, or other sensitive information.”

Keep in mind that Gmail may come up with false positives, and for this reason, Google does not completely block access to using a link but advises that you take extra caution if you choose to proceed.

The tech giant also reported this update is available only for Android users and will eventually reach other devices; so if you have an iOS, be extremely careful when interacting with any links in your Gmail accounts.

Safety for Gmail and Google Docs
In other news, a widespread phishing attack affected thousands of Gmail and Google Doc users earlier this month. The attack uses a spoofed email from a known contact attempting to share a ‘document.’ If opened, the fraudulent link redirects victims into an innocent-looking Google page that asks for account permissions. If users grant access, a worm collects your contact list and proceeds to attack other users. Fortunately, Google quickly responded to the scam, removed the fake pages, and updated anti-phishing detection to account for similar threats.

Security training
While Safe Browsing features are extremely helpful for Android Gmail users, they shouldn’t be a total substitute for good security awareness. Remember, phishing exploits human trust, so make sure to train your employees to have a healthy skepticism of every unsolicited link or file and download security updates whenever possible.

For more information and advice on security training or Android-related news, give us a call today. We’ll make sure your business is completely up to date with shifting mobile security trends and issues.