Google has started deploying anti-phishing security checks for users of its iOS Gmail app, the Internet giant has announced. When users tap on a link Gmail believes to be suspicious, a warning is displayed, advising users to think twice before proceeding.
The rollout includes similar security checks to those offered to Android users in May, reveals the G Suite team, which provides information about new features and improvements for G Suite customers.
When users receive the warning pictured below, the team recommends that “you use caution before proceeding, because the link is likely unsafe. Only proceed if you’re confident there’s no risk.”
“These warnings are intended to prevent harmful phishing attacks and help you keep your account safe,” the team adds.
Phishing has taken a back seat to ransomware in recent years, but that’s not to say it is any less dangerous. In fact, like most other forms of malware, phishing attacks are becoming more sophisticated and harder to catch by the day.
In May this year, Google users were hit with an advanced phishing scheme involving a fake Google Docs application. The spoof posed as a regular email from someone the receiver knew, like a friend or family member. It included a fake Google Docs link that, when clicked, gave hackers full access to the user’s account. Then, using worm-like behavior, the fake Docs app used the account to send the same email to all the user’s contacts, replicating itself.
Phishing schemes involving file-sharing and cloud storage services soared in the first quarter of 2016, taking the lead as the most-targeted sector, ahead of the retail and payment industries.
Research by Bitdefender’s Antispam Lab revealed at the time that one in five malicious URLs used a file-sharing service to deliver malicious payloads.
“Phishing remains a highly effective attack vector that is responsible for an increasingly significant percentage of data loss incidents affecting both end users and companies,” Adrian Popescu, Team Leader of Bitdefender Antimalware Lab, said at the time.
In July, at the Black Hat hacker convention in Las Vegas, a security engineer working at a mobile payment company, showed how phishing scams are getting so good they can even trick tech-savvy users.
Typically, a phishing scheme impersonates a widely known website or service, like Facebook, or an email from companies like PayPal, Apple or Google, asking users to enter their credentials to download a certain file, or to validate their account. Hackers then capture the data and use it for financial gain.
Users should only click on links they can trust. If in doubt, simply hovering with the mouse pointer over the URL can reveal whether the source is what it claims to be.