Google Introduces New Gmail ‘Verify it’s You’ Feature to Protect Users from Phishing Attacks
Phishing is everywhere!
Phishing is everywhere because it is an easy and inexpensive way for miscreants to steal your personal information. Here are some of the reasons why phishing is so prevalent and so successful:
- It is easy to create fake emails that look like they are from legitimate sources. Criminals can use email spoofing to make their emails appear to come from a trusted source, such as a bank or credit card company. This makes it more likely that people will open the emails and click on the links in them
- People are often not careful about clicking on links in emails. Many people are used to receiving emails from legitimate sources, such as banks and retailers. They may not think twice about clicking on a link in an email, even if they are not familiar with the sender.
- Phishing emails often contain urgent requests that make people feel like they need to act quickly. This can create a sense of urgency that makes people more likely to click on links or provide personal information without thinking carefully.
- Phishing attacks are constantly evolving. Criminals are always finding new ways to trick people into falling for their scams. This makes it difficult for people to stay ahead of the curve.
Google adds a new feature to help in the fight against phishing.
In its fight against phishing, Google recently (August 23, 2023) announced a new security feature for Gmail called “Verify it’s you.” This feature will prompt users to verify their identity when they attempt to perform certain sensitive actions, such as changing their password, enabling 2-step verification, or forwarding emails to another address.
Sensitive actions in Gmail fall under three categories:
- Filters: Creating a new filter, editing an existing filter, or importing filters.
- Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings.
- IMAP access: Enabling the IMAP access status from the settings.
The “Verify it’s you” prompt will also appear when Google detects that the user is trying to perform a sensitive action from a new or unusual device or location.
The new “Verify it’s you” feature is designed to help protect users from phishing attacks. Phishing attacks are a type of cybercrime where attackers send emails that appear to be from a legitimate source, such as a bank or credit card company. The emails often contain a link that, when clicked, takes the user to a fake website that looks like the real website. Once the user enters their login information on the fake website, the attacker can steal it.
The “Verify it’s you” feature can help protect users from phishing attacks by making it more difficult for attackers to gain access to their accounts. By requiring users to verify their identity before they can perform specific sensitive actions, Google can help to make sure that only the real user can access the account.
Google will “evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a ‘Verify it’s you prompt.’”
The “Verify it’s you” feature is rolling out now to all personal Google Accounts and Workspace customers. According to Google, everyone should have this feature by September 6, 2023. So, if you have not yet seen the prompt, you may see it soon.
Here are some tips for staying safe from phishing attacks:
- Be suspicious of emails that ask for personal information, such as your password or credit card number.
- Never click on links in emails from people you don’t know.
- Never click on links in emails that appear to be from banks or other financial institutions prompting you to “verify” your account or password.
- If you’re not sure if an email is legitimate, go directly to the website of the bank, financial institution, or company that sent the email.
- Use good security software like Emsisoft and keep it updated.
- Always use a strong password and wherever possible, enable 2-step verification for your accounts.
By following the tips above, and by being ever wary and vigilant, you can help to protect yourself from phishing attacks. And Gmail’s new “Verify it’s you feature”, adds another layer of protection for those of you who use Gmail.