Google Beefs Up Gmail Security With Monitoring Tools
“With phishing attacks and fraudulent e-mails on the rise and continuing to slip through Google Gmail’s security walls, the Mountain View-based company plans to work with eBay and its PayPal unit in an effort to protect e-mail users.”
Google on Tuesday said it has teamed up with eBay and PayPal to combat phishing scams more effectively. Additionally, Gmail users who are concerned that they did not log out of their accounts in various locations can now remotely sign out from the service.
Google started rolling out a new Gmail privacy feature that allows users to review their Gmail account activity.
“The information Google provides includes the Gmail user’s type of access (browser, mobile, POP3), IP address, date, and time.”
Starting today, Google will validate every e-mail that claims to be from “paypal.com” or “ebay.com,” to keep phishers from luring Gmail users to fake eBay and PayPal Web pages in order to steal usernames and passwords.
If a message fails these checks, Google will reject the message and not, as it often did before, allow it through and display a warning message.
PayPal and eBay phishing scams are perhaps some of the most widespread forms of online fraud, so having Google now fully reject these messages should at least stop quite a few more of them.
In an agreement announced today, Google and eBay will utilize DomainKeys and DomainKeys Identified Mail (DKIM) e-mail authentication technologies to help stop fraudulent e-mails from entering Gmail inboxes. DomainKeys, developed by Yahoo, helps an ISP determine whether a specific e-mail is authentic and whether it should be delivered. Any e-mail sent with DKIM carries a cryptographic signature that the receiving e-mail server, in this case Gmail.com, must verify before the message is accepted.
Google has been using DomainKeys and DomainKeys Identified Mail since 2004, and both PayPal and eBay have been using them since October 2007. Until now, however, Google did not completely block all suspicious e-mails, in order to avoid too many false positives. Now Google is taking a more radical stand and will reject any message that does not authenticate.
Google says it has been testing this for “a few weeks now and it is working so well that few people really noticed.”
The technology, DomainKeys, uses cryptography to verify the domain of the sender of an e-mail. It allows e-mail providers to validate the domain from which an e-mail originates, and it enables easier detection of phishing attempts by helping identify abusive domains.
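The receiving-side decision described above (refuse mail that claims to be from paypal.com or ebay.com unless a matching signature verifies), shown as an added example that is not code from Google, Yahoo or the original article. It follows the DKIM header format of RFC 6376; the RSA check of `b=` against the key published in DNS is passed in as `verify_sig`, a hypothetical callable, and the sample message is constructed.

```python
import base64, hashlib, re
from email import message_from_bytes
from email.utils import parseaddr

PROTECTED = ("paypal.com", "ebay.com")  # the two domains named in the article

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs; folding whitespace is dropped."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def body_hash(body, relaxed=False):
    """base64(SHA-256(canonicalized body)), the value a signer puts in bh= (RFC 6376 3.4)."""
    if relaxed:  # collapse runs of spaces/tabs, drop whitespace at line ends
        lines = body.split(b"\r\n")
        body = b"\r\n".join(re.sub(rb"[ \t]+", b" ", l).rstrip(b" ") for l in lines)
    while body.endswith(b"\r\n"):  # both modes ignore trailing empty lines
        body = body[:-2]
    if body or not relaxed:  # "simple" turns an empty body into a single CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def within(domain, parent):
    return domain == parent or domain.endswith("." + parent)

def decide(raw, verify_sig):
    """Return 'reject' or 'accept' for one raw message (bytes, CRLF line endings)."""
    msg = message_from_bytes(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    owner = next((p for p in PROTECTED if within(sender, p)), None)
    if owner is None:
        return "accept"  # this policy only covers the protected domains
    body = raw.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in raw else b""
    for value in msg.get_all("DKIM-Signature", []):
        t = parse_tags(value)
        relaxed = t.get("c", "simple/simple").lower().endswith("/relaxed")
        if (within(t.get("d", "").lower(), owner)                # signer is the claimed brand
                and "from" in t.get("h", "").lower().split(":")  # From header is signed
                and t.get("bh") == body_hash(body, relaxed)      # body was not altered
                and verify_sig(t, raw)):                         # b= verifies against DNS key
            return "accept"
    return "reject"  # no warning banner: unauthenticated mail is refused outright

# Constructed sample: empty body, so bh= is the hash of a lone CRLF; b= is a dummy value.
SAMPLE = (b"From: PayPal <service@paypal.com>\r\nSubject: Receipt\r\n"
          b"DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=constructed; h=from:subject;\r\n"
          b" bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=; b=AAAA\r\n\r\n")

if __name__ == "__main__":
    print(decide(SAMPLE, lambda tags, raw: True))  # accept (stand-in verifier always passes)
```

A matching body hash alone proves nothing; it only matters once the `b=` signature over the headers, which include `bh=`, has been verified with the sender's published key.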
Last October, Yahoo announced that it was protecting Yahoo Mail users with eBay and PayPal accounts from phishing attempts using the same technology.
The DomainKeys technology is covered by a patent assigned to Yahoo. The company released it under a dual-license scheme that allows the companies to use it royalty-free under the GNU General Public License (GPL 2.0), which enabled the Internet Engineering Task Force to approve it as a proposed Internet standard.
Additionally, if you use Google’s Gmail and like to access your account from several locations — work, office, your smartphone, Internet cafes, etc. — you can now remotely check the status of that account from all your log-in locations. Google announced a new remote signout and monitoring feature designed to enhance security for those who use several computers or connected devices in the course of a day.
“Your e-mail account can contain a lot of personal information, from bank alerts to love letters — e-mail that, I’m sure, you do not always want other people to see,” said Google engineer Erwin D’Souza in a blog post. “We understand how important your Gmail accounts are to you, so we are adding a new layer of information and control. With this new feature, you can now track your recent sessions and you can also sign yourself out remotely.”
Google is in the process of making the feature, which requires either Firefox or Internet Explorer 7, available to its Gmail users. In accounts where it has been enabled, information about past and concurrent Gmail sessions can be seen below the green “You are currently using X MB (X%) of your X MB” storage capacity message, which itself can be found underneath the inbox.
The feature takes the form of a message that indicates other locations where the account is active and when it was last active. A link that opens a detailed account activity window is provided.
Not only will this new feature improve Gmail security, but it is also likely to please law enforcement authorities. In cases where a suspect’s Gmail use is an issue, investigators who might otherwise have to request or subpoena log data from Google may only need access to the Gmail account itself.
Today’s partnership comes as Google revamps Gmail’s security features, including enabling Gmail users to view the number of simultaneous logins to their accounts, and to remotely log out.