Google Adds New Anti-Phishing Features to Gmail for Enterprise Users

New Gmail security features offer enterprise users improved protection against phishing emails, malicious links and malware.

Cloud storage phishing attacks

Google has rolled out several security updates for enterprise users of Gmail.

The updates include a new machine-learning-based phishing detection capability, click-time warnings for malicious links and warnings for unintended external replies. While Google has designed these security updates with enterprise users in mind, they will become available to all Gmail users.

Also announced this week, are newly integrated features in Gmail that guard against ransomware and polymorphic malware.

Gmail's updated anti-phishing capability uses a new algorithm to flag and delay potentially suspicious messages. Machine learning has already helped Gmail achieve 99.9 percent accuracy in detecting and blocking spam and phishing messages, said Andy Wan, senior product manager of counter abuse technology at Google in a blog.

The new update is designed to drive that number even higher by subjecting emails that look suspicious to rigorous pre-delivery message scanning and analysis, according to Wan.

The selective and brief delay that Google will impose on suspicious looking messages will also give the company an opportunity to check them against real-time updates to its anti-spam filter, Wan said. Less than 0.05 percent of all messages will be subject to such delays, he said.

The new click-time warning feature in Gmail takes advantage of existing Google capabilities such as Safe Browsing and reputation filtering for URLs. When users attempt to click on a link that appears suspicious, Gmail will serve up a warning alerting them to the potential danger.

The Unintended External Replies feature is designed to protect enterprises against emails being inadvertently sent out to the wrong contacts or to the senders of spoofed emails.

Now, when a user attempts to reply to an email in Gmail, Google will first scan the user's contacts and recipient list. If the recipient is external to the user's organization and not present in their contact list, Gmail will display a warning. Users can dismiss the warning and send the email and Gmail will not show the warning for that particular recipient again.

The new malware defenses in Gmail work by correlating spam signals with attachment and sender heuristics. "We classify new threats by combining thousands of spam, malware and ransomware signals with attachment heuristics (emails that could be threats based on signals) and sender signatures (already marked malware)," Wan said.

Such protections now enable Google to better protect corporate Gmail users against zero-day threats, ransomware, and polymorphic malware added Sri Somanchi, Google product manager in a separate blog. Polymorphic malware constantly changes to conform to the platform it is attacking and to elude detection by anti-malware programs.

The new security capabilities also enable blocking of certain risky file types such as JavaScript and executable files, he said. Google will be able to block hundreds of millions more malicious and potentially harmful emails as a result of the new security features, Somanchi said.

The latest updates continue Google's efforts to make Gmail safer to use in an enterprise setting. Earlier this year for instance the company announced a hosted Secure/Multipurpose Internet Mail Extensions (S/MIME) service to encrypt data in transit.

In late 2015, Google introduced a Gmail Data Loss Prevention (DLP) capability to enable companies to protect against sensitive data being leaked in emails. Google also offers a capability that alerts enterprise users whenever they receive an email that cannot be authenticated.

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.