Google has rolled out new security features for Gmail customers, including early phishing detection using machine learning, click-time warnings for malicious links and unintended external reply warnings.
The new machine learning models in Gmail are based on a dedicated service that selectively delays messages (less than 0.05% of messages on average) to perform rigorous phishing analysis and further protect user data from compromise. This helps block spam and phishing messages from showing up in the inbox with over 99.9% accuracy, according to Andy Wen, senior product manager for Counter Abuse Technology at Gmail.
“This is huge, given that 50 to 70% of messages that Gmail receives are spam,” he said.
The detection models also integrate with Google Safe Browsing’s machine learning technologies for finding and flagging “phishy” and suspicious URLs, and then combine a variety of techniques (such as reputation and similarity analysis on URLs), allowing Gmail to generate new URL click-time warnings for phishing and malware links.
“As we find new patterns, our models adapt more quickly than manual systems ever could, and get better with time,” Wen said.
On the warnings front, Gmail for Work now displays unintended external reply warnings to users to help prevent data loss. For instance, if a user tries to respond to someone outside of her company domain, she will receive a quick warning to make sure she intended to send that email. It's a good first line of defense against imposter campaigns, like business email compromise/whaling attacks.
“Because Gmail has contextual intelligence, it knows if the recipient is an existing contact or someone you interact with regularly, to avoid displaying warnings unnecessarily,” Wen explained. “When employees are empowered to make the right decisions to protect data, it can improve an enterprise’s security posture.”
Gmail also has now built in defenses against ransomware and polymorphic malware, by combining thousands of spam, malware and ransomware signals with attachment heuristics (emails that could be threats based on signals) and sender signatures (already marked malware).
Other new features include the implementation of hosted S/MIME, to encrypt email while in transit; the Data Loss Prevention for Gmail service to protect sensitive information, and alerts when TLS encryption between mailboxes is not supported or when a message can’t be authenticated.