New Gmail anti-phishing features rely on machine learning

Google has announced several new security features, and improvements to existing ones, to protect Gmail users against phishing emails.

Gmail anti-phishing features

New features

The new features are intended for users of the various G Suite editions (formerly Google Apps for Work).

G Suite is intended for businesses, educational institutions, and other small and large organizations, and includes a variety of Google services and products (Gmail, Calendar, Google+, Drive, etc.). Depending on the specific plan, organizations can choose custom email addresses (e.g. they can include the organization’s domain), fine-tune security and privacy settings, opt for more cloud storage, and so on.

The new features include:

  • Early phishing detection, and
  • Unintended external reply warnings

“Phishing attempts follow a predictable pattern when you look at them in aggregate, and Gmail’s security experts have developed a new algorithm that flags and delays potentially suspicious messages,” the company said, explaining how the early phishing detection feature works.

The content of these emails is then run through additional checks based on the real-time, last-minute updates to the company’s spam filter and Safe Browsing technology, which tests the results of any links included in the email.

Delivery of such emails can be delayed by up to 4 minutes, and admins are advised not to use this feature instead of anti-malware/phishing software, but in conjunction with it.

Unintended external reply warnings are meant to prevent unintentional data loss, e.g. prevent users from sharing data with senders of forged emails, impersonators, or simply sending data to the wrong contact (a common user error).

“When a user hits reply in Gmail, Google scans the recipient list, including addresses in CC and BCC. If a recipient is both external to the user’s organization and not present in their Contacts, we will display the warning,” the company noted.


The warnings can be dismissed if they are not relevant. Also, they won’t pop up if the sender sent the email from a secondary domain or domain alias.
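The reply check described above, sketched as an added example (not Google's code and not part of the original article). The function and parameter names are hypothetical, every address is constructed, and it assumes the organization's primary domain, secondary domains and domain aliases are supplied together as one set.

```python
from email.utils import getaddresses

def external_reply_warnings(to, cc, bcc, org_domains, contacts):
    """Return the recipients that would trigger a warning: addresses that are
    both outside the organization's domains and absent from the user's contacts."""
    internal = {d.strip().lower().rstrip(".") for d in org_domains}
    known = {c.strip().lower() for c in contacts}
    flagged = []
    # To, CC and BCC are all scanned, as the quoted description states.
    for value in [*to, *cc, *bcc]:
        # Parse each header value on its own so one malformed entry
        # cannot hide the others.
        for _name, addr in getaddresses([value]):
            addr = addr.strip().lower()
            if "@" not in addr:
                continue  # unparseable or empty entry
            domain = addr.rsplit("@", 1)[1].rstrip(".")
            # Assumption: exact domain match only; subdomains are not
            # treated as internal unless they are listed explicitly.
            if domain in internal or addr in known:
                continue
            if addr not in flagged:
                flagged.append(addr)
    return flagged

# Constructed sample data (hypothetical organization and recipients).
ORG_DOMAINS = {"corp.example", "corp-alias.example"}
CONTACTS = {"KP@Partner.Example"}
TO = ["Alice <alice@corp.example>"]
CC = ["bob@corp-alias.example", "Known Partner <kp@partner.example>"]
BCC = ["Accounts <billing@corp-example.test>"]

if __name__ == "__main__":
    for rcpt in external_reply_warnings(TO, CC, BCC, ORG_DOMAINS, CONTACTS):
        print(f"warn: {rcpt} is external and not in contacts")
```

Only the address on the unlisted domain is flagged; the alias-domain recipient and the external address already in contacts pass without a warning.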

Both of these features are ON by default, and it is up to administrators to turn them off if they want to.

Old features, improved

URL click-time warnings, which alert users to the potentially malicious nature of the sites they visit, are powered by the Google Safe Browsing machine learning technologies. The models used quickly adapt to newly discovered patterns, and the technology keeps pace with the changes.

Gmail’s defenses against malicious attachments have also been updated.

“We now correlate spam signals with attachment and sender heuristics, to predict messages containing new and unseen malware variants. These protections enable Gmail to better protect our users from zero-day threats, ransomware and polymorphic malware,” the company noted.

This is in addition to blocking attachments in the form of file types that carry a high potential for security risks, e.g. .EXE (executables), or .JS (JavaScript files).

Unlike the new features, these are meant to protect all Gmail users by default.
