Google has emphasized the actions it has taken and what G Suite administrators and users could do in order to curb phishing attacks in the future. The blog post came after a widespread phishing attack circulated in Gmail this week, wherein an email containing a link to a fake Google Docs app was used to fool users to give hackers access to their email without asking for the users’ password, which circumvents 2-factor authentication. In order to prevent any future phishing attempts using fake applications, Google has taken certain measures to improve the security of its platforms, especially its Gmail service, and also asked users and admins to take additional steps to help avoid future attacks.
To prevent phishing and other malicious attacks, Google uses certain tools to ensure customer’s security. Among them is using machine learning to detect spam and phishing emails and scanning email attachments for possible malware. In addition, Google is utilizing its Safe Browsing initiative to prevent users from accessing potentially malicious links and additional challenges are provided in case of suspected unauthorized log-ins of Google accounts. However, there are occasions that these measures are not enough to prevent phishing and malware attacks given that machine learning algorithms do not guarantee 100% detection of phishing emails and malware scanning is limited to a certain file size. These limitations call for quick action from Google when major phishing attempts happen, like what happened this week. In this week’s case, Google claims they were able to fully resolve the phishing attempt in an hour, with updates pushed to Safe Browsing, Gmail, Google Cloud Platform and other counter-abuse systems Google is using, while also taking down fake pages and applications.
Given that there are scenarios where hackers were able to circumvent Google’s efforts to prevent phishing, users and G Suite administrators are asked to take additional steps to make their accounts more secure. Some of the steps that G Suite administrators could take in order to secure accounts include reviewing of third-party access to email accounts and running security checklists once an account is suspected to be compromised. For users, especially those who are using their personal accounts, Google is also recommending certain actions to improve account security. Among others, Google is advising users to take a security checkup, with users looking out for old or unrecognized devices, as well as paying attention to warnings from Google and reporting possibly malicious emails. This week’s attack is not the first time that the 2-factor authentication was circumvented, exposing Google account users to hackers, and it might not be the last, so it is advisable for users to follow the steps provided by Google.