Google boosts Gmail's anti-phishing feature
Web email service automatically shows sender's address to combat fake messages
Computerworld - Google this week added an anti-phishing feature to Gmail that automatically displays the sender's address for some messages.
The move is designed to help users spot suspicious messages that try to dupe people into divulging their Gmail log-in credentials or other personal information.
Starting Tuesday, Gmail began showing the sender's email address on all messages from people the recipient had either not sent mail to or were not in his contact list. Additionally, messages sent via a third-party firm -- such as an email marketing bulk mailer, which are often used by retailers to blast out deals -- now automatically display the sending address.
"If someone fakes a message from a sender that you trust, like your bank, you can more easily see that the message is not really from where it says it's from," said Google software engineer Ela Iwaszkiewicz in a post to the company's Gmail blog on Tuesday.
Previously, Gmail users could expose the sender's address by manually clicking on a "show details" link in the email service's interface.
Google published more detail on the new anti-phishing feature on the Gmail support site.
According to that page, Gmail will stop showing the full address of a sender once the recipient communicates with the sender, either by replying to emails or adding the address to Gmail's contact list.
Google uses the message header to uncover the sender's email address, and whether the message was transmitted via a third-party domain.
Other Web mail services lack a similar feature. Microsoft's Hotmail, for instance, will display the sender's address at the user's command, but does not do so automatically. In Hotmail's case, hovering the mouse over the sender's name displays a pop-up that shows the full address.
Google has acknowledged several aggressive phishing attacks aimed at Gmail users, most recently earlier this month when it accused Chinese hackers of running a months-long campaign to hijack the accounts of senior U.S. and South Korean government officials, military personnel, Chinese activists and journalists.
Hackers had sent spoofed email messages purportedly from friends or colleagues that included a link to a fake Gmail login page, which the criminals used to collect usernames and passwords.
China denied that its government was responsible for the attacks.
Data breaches at a host of high-profile companies, from the mass mailer Epsilon to Sony, have also revealed millions of email addresses this year, and put ammunition for targeted phishing attacks -- called "spear phishing" -- in hackers' hands.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Watch out Spotify; Google's building YouTube 'Music Key'
- Google goes after Amazon with same-day delivery
- Google offloads mystery barge to marine company
- Google's next frontier: What it means to be healthy
- Google updates the Maps Explore Nearby feature -- for some users
- Chrome gets sharp after dumping 30-year-old Windows technology
- Google moves closer to selling smart contacts
- Google goes mum on Glass release plans
- Samsung Gear Live vs. LG G Watch: A real-world evaluation
- Android Wear deep-dive review: A smart start to smartwatch software
Read more about Security in Computerworld's Security Topic Center.
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!