The company introduced three new features late Tuesday that it claims will inform users of the origins of certain emails so they can protect themselves from social engineering and phishing attacks. They will help users identify e-mail messages sent to them through forwarding services and using spoofed (faked) sender addresses, according to a post on the Google mail blog.
The new features are designed to expose the real source of e-mail addresses and alert users to suspicious messages that may contain malicious attachments or links, or that may be seeking to harvest sensitive data from the recipient. The company has made minor modifications to the operation of its Gmail Webmail service to accomplish this.
First, messages sent from email addresses that aren’t Gmail contacts will display the email address of the sender in full, rather than a condensed or “user friendly” address that may be misleading. Google also parses much of the message header of email from new or suspicious senders to allow recipients to understand where any particular message was sent from.
Second, Google said Gmail will now disclose when messages have been sent through forwarding services, such as those that power “Share this” features on many Web sites. Starting Tuesday, Gmail will inform the recipient that they are receiving a message from their friend via a given website.
Finally, Gmail will issue warnings to users when they detect suspicious messages that they believe may have been sent from spoofed email accounts, which they do by evaluating the message’s authentication data.
Phishing attacks are an endemic problem online, where users are bombarded with attempts to fool them via e-mail and, increasingly, social networks like Facebook, Twitter, and Tumblr. The attacks are so common because they work. Three quarters of targeted phishing attacks on employees work, according to the security firm Intrepidus.