New Gmail Security Updates Improves Phishing Detection, External Reply Warning

With new built-in defenses against ransomware and polymorphic malware, Gmail now blocks millions of additional emails that can harm users.

Share online:

Google is helping its enterprise users to keep their data secure with new security features added to Gmail including early phishing detection using machine learning, click-time warnings for malicious links, unintended external reply warnings and built-in defenses against new threats.

In addition, Google also updated its defenses against malicious attachments protecting users from zero-day threats, ransomware and polymorphic malware. Additionally, files types like executable and javascript files are blocked.

Google already "reject message and notify sender when a virus is detected in an email," "prevent sending an infected attachment," and "prevent downloading attachments when a virus detects."

Now, a new algorithm is helping Google to flag and delay up to 4 minutes any petentially suspicious emails for additional checks on the message content. G Suite admins can turn on / off this feature from the admin console.

"This new detection system with Safe Browsing machine learning employs a variety of techniques such as reputation and similarity analysis on URLs, to generate new URL click-time warnings for phishing and malware links," says google.

Gmail Delayed delivery of email messages with suspicious content
Delayed email waring

This release also now displays unintended external reply warnings to G Suite users, when they respond to emails from outside of a company domain — protecting enterprises from forged email, impersonation, as well as common user-error when sending mail to wrong contacts. Because through Gmail's contextual intelligence, "it knows if the recipient is an existing contact or someone you interact with regularly, to avoid displaying warnings unnecessarily."

G Suite reply warning for outside company domain
G Suite email reply warning

Here is how this features work

  • When a user hits reply in Gmail, Google scans the recipient list, including addresses in CC and BCC. If a recipient is both external to the user's organization and not present in their Contacts, we will display the warning.
  • We treat secondary domains and domain aliases like primary domains, so your users will not be warned when emailing users at your subdomains.
  • If the recipient is intended, the user can dismiss the warning and proceed with the response. We won't show the warning again for that recipient.
  • Unintended external reply warning is controlled from the Admin console control in the Advanced Gmail settings and is launching default on. It can be toggled on or off by organizational unit or for your entire domain, Google explained.

G Suite admins now have more control over profile fields, and changes to contacts on/off setting with the changes rolling out on June 26, to user profile management.

Now, editing profile fields such as Name, Photo, Gender, and Birthday are direct under control of G Suite admins — who can decide which fields can be edited by end users, independent of Google+ status. "Admins will continue to be able to set these fields directly yourself where supported in the Admin console, or sync values using Google Cloud Directory Sync."

G Suite profile editability
Profile editing in G Suite admin console

Additionally, Contacts setting is renamed to Directory, and the Contacts on/off setting within it will be removed now. Once removed from the admin console, "we will retain the the Web contacts manager on/off preference you've already specified," said the team.

Google notes, when Contacts Preview eventually replaces current Web contacts manager, "the setting will no longer have any effect, and will be fully deprecated."

And, domains those with existing profile photos despite not having G+ enabled will have photo editability enabled on launch. Admins may change the setting after launch.

G Suite disable profile editing
Disable profile editing

Lastly, outside of this update, Gmail also has a few other security advancements:

  • Hosted S/MIME, to encrypt email while in transit
  • Data Loss Prevention for Gmail, to protect your most sensitive information
  • Alerts when TLS encryption between mailboxes is not supported or when a message can't be authenticated, so you're aware when you email someone whose mailbox does not support encryption

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.