San Francisco — Phishing–a nagging issue that has caused undesirable harm to the internet at large and global search engine leader Google in general. The company yesterday announced that it has added several visual features aimed at helping its Gmail users in an effort to reduce the effectiveness of phishing emails.
With the nuisance becoming unbearable, Google has decided to start showing more information to Gmail users about who email is actually coming from. The anti-phishing enhancements, documented here, will display more information about the origin of certain e-mails, especially those spoofed or sent on behalf of someone else.
“If someone forges a message from a sender that you trust, like your bank, you can more easily see that the message is not really from where it says it is from,” according to an explanation from Google software engineer Ela Iwaszkiewicz.
Google’s Iwaszkiewicz explains on the Gmail Blog:
I recently received an email from what appeared like my bank saying I should update my account, but it looked a little weird. I clicked on the “show details” link and quickly learned it wasn’t from my bank after all; instead of being sent from First National Bank’s real email address, this message originated from a random South African domain. If I had not viewed these details, I could have been tricked — it was not entirely obvious that this email was a fake.
According to Iwaszkiewicz, Gmail will also automatically identify dubious messages and display a warning (see sample images above) when it looks like someone may have spoofed a Gmail address. Google does this by evaluating the message’s authentication data. Google will now also provide three enhancements to Gmail messages that provide users with a more robust defense against phishing.
“Beginning today, Gmail will automatically display more information about the origin of certain messages you receive so you can be better informed and protect yourself from getting tricked,” Iwaszkiewicz wrote in a post on Google’s official Gmail blog.
The first novel feature consists of displaying the full email address of any sender that does not appear in the recipient’s Gmail contacts list. Also apparent will be full email address information when messages are sent on behalf of another party – and example Google provides is when people share news stories from websites via a “share this story” link. In these cases, the complete email address of the sender will be displayed along with the website URL it was forwarded from.
Finally, Google said it will doubly evaluate a message’s “authentication data” to ascertain if the message comes from a “spoofed” Gmail address. If the web email service believes this is the case, it will display a prominent warning at the top of the message stating that the correspondence may not have been sent by the person or organization noted as the sender.
Google has good reason to continue beefing up Gmail security regarding phishing attempts, Infosecurity notes. Earlier this month the company disclosed a targeted phishing attack against Gmail users, among them several senior US officials, Chinese political activists, and journalists.
More information about the changes is available in the Gmail Help Center.