New anti-spoofing/anti-phishing security features for Gmail

In response to an increased number of email impersonation and phishing attacks, IT Services has recently enabled new security features for your email. You may begin seeing more warning messages like these when you open up an email within the Gmail web interface:

What is spoofing?

Email spoofing is a method of impersonating someone else when sending an email. Some spoofing is legitimate—such as when a trusted application sends a message to students from a university department email address. However, malicious spoofing occurs when untrusted or unauthenticated sources send email pretending to be from a university domain, person, or email address.

Spoofing is a powerful part of email phishing attacks, which use social engineering to trick people into providing sensitive information such as passwords or other data that can be used to compromise identities and systems.

How does Google protect us from spoofing?

With the recently enabled security features, Google will begin prominently displaying warning messages in the Gmail web interface when you open a message that cannot be verified. There are a few scenarios that might trigger these warnings.

  1. A message sent from an unauthenticated email domain
  2. A message sent from an email domain that is visually similar to ours
  3. A message sent from an email address and display name that is similar to a account (e.g., Jane Doe <>)

It is important to note that these warning messages are not supported in most mobile device clients, including the Gmail app. If you read a suspicious message on your mobile device, you might want to view that message in the Gmail web interface to see if Google considers it suspicious as well.
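
The three warning scenarios listed above can be approximated from a message's own headers, which is also what reading the header information closely comes down to. The following Python sketch is an added illustration, not Google's detection logic or code from IT Services; `example.edu`, the `mx.google.com` authserv-id, the directory entry, the 0.85 similarity threshold, the choice of `dmarc=pass` as the authentication signal and the sample message are all assumptions made for the example.

```python
import difflib
import re
from email import message_from_string, policy

ORG_DOMAIN = "example.edu"          # placeholder for the organization's domain
TRUSTED_AUTHSERV = "mx.google.com"  # assumed authserv-id of our own receiving server
DIRECTORY = {"jane doe"}            # constructed list of internal display names

# Constructed sample: internal display name, lookalike domain, no authentication result.
SAMPLE = ("From: Jane Doe <jane.doe@examp1e.edu>\n"
          "To: student@example.edu\nSubject: Urgent request\n\nPlease reply.\n")

def is_internal(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def fold(domain):
    """Collapse a few common look-alike substitutions (0/o, 1/l, rn/m)."""
    return domain.translate(str.maketrans("01", "ol")).replace("rn", "m")

def auth_passed(msg):
    """Use only the topmost Authentication-Results header from the trusted server."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.lower().split()[:1] == [TRUSTED_AUTHSERV]:
            return re.search(r"\bdmarc=pass\b", results, re.I) is not None
    return False  # no trusted verdict at all counts as unauthenticated

def lookalike(domain):
    """True if an external domain is nearly identical to ORG_DOMAIN."""
    if is_internal(domain):
        return False
    ratio = difflib.SequenceMatcher(None, fold(domain), fold(ORG_DOMAIN)).ratio()
    return ratio >= 0.85

def warnings_for(raw):
    """Return the warning scenarios (from the list above) that a raw message matches."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]  # assumes one parseable From address
    domain = sender.domain.lower()
    found = []
    if not auth_passed(msg):
        found.append("unauthenticated")
    if lookalike(domain):
        found.append("lookalike-domain")
    if sender.display_name.lower() in DIRECTORY and not is_internal(domain):
        found.append("display-name-similar")
    return found

if __name__ == "__main__":
    print(warnings_for(SAMPLE))
```

An Authentication-Results header written by any server other than your own receiving server carries no weight, which is why the check ignores every authserv-id except the trusted one.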

What should I do if I see a message with a warning?

If you receive a message with one of these warnings, you should treat the message with caution.

A sender similar to a name in your organization
You are communicating with someone who is not using a address. This could be someone’s personal account or could be a spoofing attempt. Read the message header information closely to be sure.

A message that could not be verified that it came from the domain
Verify whether or not the message is real by contacting the person or company purporting to have sent the message using means other than replying to the email. If the message turns out to be fake, use the Report Spam or Report Phishing buttons in the warning message to let Google know it should treat that message as malicious.

The more users who take these actions, the faster malicious email messages are removed or blocked by Google.

What should I do if my identity is being spoofed?

IT Services has secured the email domain to help prevent email spoofing, either by blocking such unauthenticated messages or by displaying these prominent warnings so that users will know a message is not actually from you.

If you or someone else receives messages that you did not send—especially if Google does not flag them as suspicious—you may report them to IT Services as suspicious.
