
New Phishing Tactics & Gmail Phishing Prevention

Phishing is an old technique used in new ways to trick users into clicking malicious links, opening malware-laden attachments and typing their usernames and passwords into convincing look-alike web forms. Here’s the latest on new phishing attacks and how one email provider is fighting back:

Phishing Attacks Abuse HTTPS

It’s getting harder for users to identify websites spoofed in phishing attacks now that attackers are using HTTPS to encrypt data sent over the Internet, according to a Cisco blog. Users are often trained to look for the small green lock icon in the browser’s address bar (Google Chrome’s, in this case) to verify that a web page is secure.

Google's Chrome HTTPS Lock

By obtaining TLS certificates for their phishing domains, attackers are abusing users’ trust in HTTPS. According to Cisco, these certificates can be obtained from certificate authorities for free, lending spoofed web pages the look of security.

However, the lock only indicates that the connection is encrypted; it says nothing about whether the content of the page is safe. On spoofed web pages, attackers can serve up legitimate-looking login forms that steal user credentials.

Users should also check the actual URL of the link they’re clicking on, but the full address isn’t always visible or may be cut off, which leads users to rely on other indicators of website security that aren’t always reliable.

New Gmail Features Block Malware Attachments

Google recently announced new security features for Gmail customers that can detect phishing via machine learning and warn users about malicious links.

According to Google’s blog, machine learning has helped Gmail achieve 99% accuracy in spam detection, blocking millions of messages daily. Since 50-70% of all Gmail messages are spam, that is significant.

Gmail now predicts which messages contain ransomware and malware, and blocks attachments of certain file types, including executable and JavaScript files.

Suspicious URL Warning

Gmail Suspicious URL Warning

By integrating with Google Safe Browsing machine learning technology, Gmail can detect and flag suspicious URLs found in email messages, prompting Android users as they click.

This can help prevent users from being lured to malicious websites by phishing emails.

Image source: G Suite Updates

Unintended External Reply Warnings

Do you know who you’re actually replying to? As an extra precaution, Gmail now shows a warning prompt when a user is about to reply to an address outside the company domain.

This helps catch accidental CC’ing and email addresses masquerading as company domain names, known as email spoofing. Gmail also uses contextual intelligence to avoid prompting you about existing contacts or people you interact with regularly.

Spoofed Pentagon Email Addresses

According to ForeignPolicy.com, phishers sent fake emails that appeared to come from the Defense Security Service (DSS), a wing of the Pentagon providing military, defense agency and contractor support.

Little information was available about the intentions behind the attack, but the DSS works as an interface between the government and cleared industry to protect U.S. and foreign classified information. A DSS reply to a hidden recipient could result in the unintended disclosure of classified information, a prime example of how a feature that warns about unintended external replies could help stop an information leak.
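The external-reply check described in the two sections above, as an added example that is not Gmail’s code or part of the original post: it classifies every To/Cc recipient of a draft reply as internal, a known external contact, a lookalike of the company domain (typosquat or homoglyph substitution such as `rn` for `m`) or plain external, so a client can decide whether to show a warning. The company domain, contact list and sample header are constructed placeholders.

```python
from email.utils import getaddresses

# Assumed placeholder for the organisation's own domain (not from the page).
COMPANY_DOMAIN = "example.com"

# Character substitutions commonly used in lookalike domains; both sides are
# normalised before comparison so "exarnple.com" collapses to "example.com".
HOMOGLYPHS = {"rn": "m", "vv": "w", "1": "l", "0": "o", "3": "e", "5": "s"}

def normalise(domain):
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance; distance 1 catches single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain, company):
    if domain == company:
        return False
    return normalise(domain) == normalise(company) or edit_distance(domain, company) <= 1

def classify_recipients(header_value, company=COMPANY_DOMAIN, known_contacts=()):
    """Return [(address, verdict)] for each address in a To/Cc header value.
    Verdicts: 'internal', 'known-external', 'lookalike', 'external'."""
    company = company.lower()
    known = {k.lower() for k in known_contacts}
    result = []
    for _name, addr in getaddresses([header_value]):
        addr = addr.lower()
        domain = addr.rpartition("@")[2]
        if domain == company:
            verdict = "internal"
        elif addr in known:
            verdict = "known-external"   # regular contact: no prompt, like Gmail's contextual rule
        elif is_lookalike(domain, company):
            verdict = "lookalike"        # possible spoof of the company domain
        else:
            verdict = "external"
        result.append((addr, verdict))
    return result

def needs_warning(classified):
    """True when any recipient is external or a lookalike, i.e. a prompt should be shown."""
    return any(v in ("lookalike", "external") for _, v in classified)

# Constructed sample reply header (not real addresses).
SAMPLE_TO = "Alice <alice@example.com>, bob@examp1e.com, carol@partner.org, dave@exarnple.com, eve@other.net"

if __name__ == "__main__":
    for addr, verdict in classify_recipients(SAMPLE_TO, known_contacts={"carol@partner.org"}):
        print(f"{addr:22} {verdict}")
```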

Phishing Assessment & Report

Check out Duo Insight, our free phishing assessment tool that lets you send targeted internal phishing emails to members of your organization. Identify risky users and monitor your company’s risk of being phished with Duo’s interactive dashboards, available through our Phishing Simulator feature as part of our Duo Access edition.

2017 Duo Trusted Access Report - Phishing

We analyzed the data collected from our Duo Insight phishing tool to give you insight into how many people opened emails, clicked on links, entered their credentials and more, and how many did so from out-of-date and potentially risky devices.

62% of phishing campaigns captured at least one set of credentials.

Download the newly released 2017 Duo Trusted Access Report to get:

  • An analysis of the security hygiene of enterprise endpoints
  • An overview of industry and geographic trends
  • A closer look at the state of mobile security

We collected and analyzed data on 4.6 million endpoints completing over two hundred million authentications a month. The report reveals year-over-year trends in security health indicators, including how up to date enterprise devices are, how many use mobile security features, their risk of getting phished, and much more.


Thu Pham

Information Security Journalist

@Thu_Duo

Thu Pham covers current events in the tech industry with a focus on information security. Prior to joining Duo, Thu covered security and compliance for the infrastructure as a service (IaaS) industry at Online Tech. Based in Ann Arbor, Michigan, she earned her BS in Journalism from Central Michigan University.