Google boosts Gmail's anti-phishing feature
Web email service automatically shows sender's address to combat fake messages
Computerworld - Google this week added an anti-phishing feature to Gmail that automatically displays the sender's address for some messages.
The move is designed to help users spot suspicious messages that try to dupe people into divulging their Gmail log-in credentials or other personal information.
Starting Tuesday, Gmail began showing the sender's email address on all messages from people the recipient had either not sent mail to or were not in his contact list. Additionally, messages sent via a third-party firm -- such as an email marketing bulk mailer, which are often used by retailers to blast out deals -- now automatically display the sending address.
"If someone fakes a message from a sender that you trust, like your bank, you can more easily see that the message is not really from where it says it's from," said Google software engineer Ela Iwaszkiewicz in a post to the company's Gmail blog on Tuesday.
Previously, Gmail users could expose the sender's address by manually clicking on a "show details" link in the email service's interface.
Google published more detail on the new anti-phishing feature on the Gmail support site.
According to that page, Gmail will stop showing the full address of a sender once the recipient communicates with the sender, either by replying to emails or adding the address to Gmail's contact list.
Google uses the message header to uncover the sender's email address, and whether the message was transmitted via a third-party domain.
Other Web mail services lack a similar feature. Microsoft's Hotmail, for instance, will display the sender's address at the user's command, but does not do so automatically. In Hotmail's case, hovering the mouse over the sender's name displays a pop-up that shows the full address.
Google has acknowledged several aggressive phishing attacks aimed at Gmail users, most recently earlier this month when it accused Chinese hackers of running a months-long campaign to hijack the accounts of senior U.S. and South Korean government officials, military personnel, Chinese activists and journalists.
Hackers had sent spoofed email messages purportedly from friends or colleagues that included a link to a fake Gmail login page, which the criminals used to collect usernames and passwords.
China denied that its government was responsible for the attacks.
Data breaches at a host of high-profile companies, from the mass mailer Epsilon to Sony, have also revealed millions of email addresses this year, and put ammunition for targeted phishing attacks -- called "spear phishing" -- in hackers' hands.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Google updates the Maps Explore Nearby feature -- for some users
- Chrome gets sharp after dumping 30-year-old Windows technology
- Google moves closer to selling smart contacts
- Google goes mum on Glass release plans
- Samsung Gear Live vs. LG G Watch: A real-world evaluation
- Android Wear deep-dive review: A smart start to smartwatch software
- Google's Larry Page talks of killing the 40-hour work week
- Google terminates Quickoffice apps on Android, iOS
- Google I/O looks to be about more than Android
- Google eyes 3D vision tech for experimental tablet
Read more about Security in Computerworld's Security Topic Center.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!