Google Delaying Some Gmail Messages to Quell Phishing
Google's machine learning model in Gmail 'selectively delays messages … to perform rigorous phishing analysis.'
Google already blocks 99.9 percent of spam and phishing messages from showing up in your Gmail inbox. Now, the web giant is rolling out four new Gmail security features for enterprise customers to help prevent the other 0.1 percent from making it through and tricking you into handing over your company's private information.
That includes early machine learning-based phishing detection, new warnings when you click on a phishing or malware link in a message, as well as "unintended external reply warnings and built-in defenses against new threats," Google's Senior Product Manager for counter abuse technology, Andy Wen, wrote in a Wednesday blog post.
Perhaps most notably, Google is launching a new machine learning model in Gmail that "selectively delays messages … to perform rigorous phishing analysis and further protect user data from compromise," Wen wrote. Google said delay time will be "minimal" and the technology will affect less than 0.05 percent of messages, on average.
Meanwhile, Gmail's new "unintended external reply warnings" also aim to help prevent data loss.
"Now, if you try to respond to someone outside of your company domain, you'll receive a quick warning to make sure you intended to send that email," Wen wrote. "And because Gmail has contextual intelligence, it knows if the recipient is an existing contact or someone you interact with regularly, to avoid displaying warnings unnecessarily."
At this point, around 50 to 70 percent of all messages that Google receives are spam, Wen said.
Online miscreants last month launched a massive Google Docs phishing attack, which hit a number of journalists and individuals from other industries. Clicking a purported Google Docs button in the nefarious message took users to an actual Google page, which asked them to grant access to an app masquerading as Google Docs. Those who inadvertently granted permission gave the attacker full access to their email messages and contacts.
That phishing campaign came after attackers in January targeted Gmail users with a sophisticated ploy designed to steal usernames and passwords.