Google boosts Gmail anti-phishing defenses to tackle BEC fraud

Google claims that new anti-phishing machine learning models available in G-Suite can catches 99.9% of business email compromise (BEC) fraud. 

The search giant is rolling out a range of new security features for G-suite customers to ratchet up defences against the the targeted phishing attack. According to the FBI, businesses worldwide have lost more than $5bn to BEC fraudsters since 2013. 

Google says G-Suite will have “default-on” protections that target typical BEC phishing techniques. It will now automatically flag emails from untrusted senders that have encrypted attachments or embedded scripts, and stop email that forges employee names or that come from domains that look similar to a customer’s real domain.     

Google is also targeting unauthenticated email to address spear phishing attacks and will scan images for signs of phishing attempts and inspect potentially malicious shortened URLs. 

These build on its anti-phishing efforts last year such as warnings that flag when employees may be accidentally replying to someone outside the organization as well as the new G Suite security centre dashboard that launched in January.  

The security security dashboard is also getting updated to provide more insight into potential BEC scams. A new set of charts will show these threats and OAuth activity targeting phishing emails that may not include malicious links. 

IT admins will also have a mobile management chart that displays when a managed device has been hijacked, rooted or jailbroken. 

Finally, Google is adding new protections and controls for Team Drives in order to protect sensitive business information, including information rights management controls  to stop users from printing, downloading and copying files within Team Drives. Admins will soon also be able to restrict access privileges to Team Drives members or only users in the organisations domain.