The latest statistic from PhishMe declares that 91% of cyber attacks start with a phishing email. That percentage will make you raise your eyebrows in disbelief.
But it’s true. It’s a hot topic in the InfoSec industry, and Google is currently swimming through dangerous waters in relation to this topic. Since the beginning of 2017, Google has been regularly targeted by a sophisticated series of phishing attacks. These attacks use emails from a known contact that had previously been compromised to gain access to login information.
This series of attacks shows the increasing maturity of cybercriminals, who now operate from sophisticated networks that are more organized and better funded. As a hot topic, this is what you need to know about Google’s new phishing campaign.
How are criminals gaining access? It begins with the adversary sending an email to a specific Google account. The email usually comes from someone in your contact list who has previously been compromised. The email looks authentic. The recipient then clicks on the image, which opens a new tab prompting the user to sign into Gmail again, ultimately giving away email and password information.
The linked phishing page looks very similar to Google’s sign-in page, and even shows authentic-looking address bar information such as accounts.google.com. Hackers have been more successful at capturing their victims when they provide this authentic-looking address bar.
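Because the address bar can contain the text accounts.google.com without the page actually being served from that host, a mail filter or a cautious user should compare the parsed scheme and hostname rather than search the link for a familiar name. The following is an added example, not code from Google or from the original article; the function names and the sample links (which use the reserved example.test domain) are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "accounts.google.com"  # sign-in hostname named in the article


def classify_link(url: str) -> str:
    """Classify a link as 'genuine', 'lookalike' or 'unrelated'.

    'genuine'   : HTTPS and the parsed hostname is exactly the trusted host.
    'lookalike' : the trusted name appears somewhere in the link text, but the
                  browser would not actually connect to it over HTTPS.
    'unrelated' : the trusted name does not appear at all.
    """
    text = url.strip()
    try:
        parts = urlsplit(text)
        host = (parts.hostname or "").rstrip(".").lower()
        scheme = parts.scheme.lower()
    except ValueError:  # malformed authority section, e.g. broken IPv6 brackets
        host, scheme = "", ""
    if scheme == "https" and host == TRUSTED_HOST:
        return "genuine"
    if TRUSTED_HOST in text.lower():
        return "lookalike"
    return "unrelated"


def triage(links):
    """Return (link, verdict) pairs for every link found in a message."""
    return [(link, classify_link(link)) for link in links]


# Constructed sample links, not taken from any real campaign.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",                # real host over HTTPS
    "https://accounts.google.com.example.test/signin",   # trusted name used as a subdomain label
    "https://accounts.google.com@example.test/signin",   # trusted name placed in the userinfo part
    "http://accounts.google.com/signin",                 # right host, but not HTTPS
    "https://example.test/newsletter",                   # no mention of the trusted name
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS):
        print(f"{verdict:10} {link}")
```

Only the first sample is reported as genuine; a plain substring search for the trusted name would have accepted the first four.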
Google plays defense.
Straight from Google, we’ve learned that one of the most sophisticated businesses in the world filters about 50-70% of email messages as spam. Many of these spam messages never reach the end user. This filtering has developed into sophisticated detection models that are integrated into Google’s receiving and browsing systems. Google is dealing with this rising threat by using machine learning-based detection software. According to Google, this software detects spam and phishing messages with 99.9% accuracy. It detects potential threats and displays safe browsing warnings for dangerous links in emails.
Google has a game plan. Will you follow it?
Google continues to innovate with new systems to work through deadly phishing attacks. The business has built systems that delay a select few Gmail messages while they undergo a detailed phishing analysis. Don’t worry, we’re not talking about large amounts of waiting time. Google is also adding a check for the customer: if you reply to an external email from somebody with whom you don’t usually communicate, you will be shown a warning box. It’s a double check, making sure that you intended to send that email. Click-time warnings will be an extra line of defense against users clicking malicious links.
This is what you need to look for.
Google is doing the hard work for us. They’re providing customers with warning notifications and safe browsing warnings for dangerous links in emails, and preventing suspicious logins. They even provide Chrome users with the benefit of specifically highlighting websites that pose a security risk.
As everyday users, we can pay close attention to the ‘from’ address of the email. If the email looks suspicious but you’re not sure, don’t click the link; instead, retype it into a new window to check its validity. Take a close look at the content. If it doesn’t seem like a professional email, it most likely is not coming from where it should be. Be wary of attachments in emails.
It’s important to educate employees about phishing emails, but it is just as important for businesses to create systems to safeguard important corporate information. Businesses can take the next step by integrating email monitoring systems into their data security strategy to filter against suspicious email attachments, subjects and recipients.
Google is driving the phishing email hunt by implementing processes to protect its users from cyber attacks. Through sophisticated detection models, Google is using machine learning-based software to stop these cyber attacks in their tracks. Use this information on phishing emails, and integrate new approaches into your personal life and business to combat these cyber threats.