7 Tips to Fight Gmail Phishing Attacks7 Tips to Fight Gmail Phishing Attacks
Popular email platforms like Gmail are prime phishing targets. Admins can adopt these steps to keep attackers at bay.
September 8, 2017
Phishing is not a new threat to the enterprise, but it is becoming subtler and more complex as threat actors adopt new strategies to trick their chosen victims.
"Phishing attacks are much more focused, more targeted," explains Mark Risher, director of product management for Google Sign-In, Abuse, and API. "It's no longer about broad-based, opportunistic attacks … now, the phisher is doing his or her homework."
Today's attackers know their victims and learn enough about their circumstances to add credible details to their attacks. Everyone in the consumer space is a potential target, says Risher, who says phishers cast a "fairly wide net" to achieve their goals.
"We have definitely seen a rise in sophistication of phishing attacks over the past few years and a shift toward 'quality' over 'quantity,'" says Amy Baker, vice president of marketing at Wombat Security. Broad-based attacks are still happening, but spearphishing and BEC are on the rise.
"Cybercriminals are increasingly using social media channels to mine for data and lay the groundwork for high-value attacks," Baker continues. "In these situations, we see multi-faceted approaches that incorporate social engineering techniques outside of email that ultimately make an email communication more believable."
Hackers want to take advantage of users' familiarity with Gmail, and other products from high-visibility organizations like Amazon and Facebook. If they can't get a phishing email through corporate safeguards, they know users have fewer barriers on their personal accounts.
"If an employee makes a personal mistake while on a corporate network, that's a win for an attacker," says Baker.
Aaron Higbee, cofounder and CTO at PhishMe, says many pieces of traditional phishing advice still hold true: watch for misleading URLs and don't click on suspicious documents.
However, Gmail users can take precautions by adjusting permissions - one of the tips Google shares in a blog post on the subject.
Here are ways to reduce the risk of phishing attacks specific to Gmail users.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report
Build a Case for a Password Manager