Google strengthens the security of sensitive actions.
Google announced today that it is strengthening protections for
certain sensitive actions on Gmail to improve security for all users. The
company's email service, like any other email service, is a lucrative target,
as access to it may unlock the entire digital life of the users who are attacked.
Attackers have used various means to prolong their access to
Gmail accounts. The use of email forwarding and filtering options, for instance,
allowed them to forward certain important emails and hide them from the Gmail user.
Attackers could filter mail from important services, such as Amazon,
Google, Apple or any other company, so that users would not receive any
warnings, for example, when a third party tried to gain access to their
accounts.
Last year, Google introduced safeguards to better protect
Google Workspace accounts. Back then, Google implemented new safeguards for
certain critical actions that could "have far reaching consequences for
the account owner or the organization". Basically, what Google did was add
challenges to these actions that required another step of verification.
This is now extended to certain actions on Google Mail.
Google states that it has selected three sensitive actions on Gmail that
receive the additional protections:
· Email Filters -- when users create, edit or import filters.
· Forwarding -- when users add new forwarding addresses in Forwarding and
  POP/IMAP settings.
· IMAP access -- when users enable the IMAP access status from settings.
Gmail users receive critical security alerts whenever one of
the listed actions is taken and Google deems it "risky" after
evaluation.
If that is the case, the user will receive a verification
prompt before the change is saved to the account. Google may prompt users to
verify the action using 2-step verification or other means of authentication to
validate the action.
Google evaluates risk factors to determine whether it should
display an additional verification prompt. While the company has not revealed
any specifics, it seems likely that it uses information such as locations, IP
addresses, browsers, time of day and other signals for its evaluation.
If that verification fails, for example, when the malicious
user cannot complete the second verification step, a critical security
alert is automatically pushed to trusted devices.
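The filter and forwarding abuse described above can also be checked for after the fact. The following is an added example, not code from Google or from the original article: it audits filter records for rules that forward mail externally or hide mail from watched senders. The field names follow the Gmail API filter resource; the watched sender list, the `own_domains` default and all sample data are assumptions constructed for illustration.

```python
# Added example: audit Gmail filter resources for hide-or-forward rules.
# Field names follow the Gmail API filter resource; sample data is constructed.

# Assumption: senders whose security alerts an intruder would want hidden.
WATCHED_SENDERS = ("google.com", "amazon.com", "apple.com")


def audit_filter(flt, own_domains=("example.com",)):
    """Return findings for one filter resource (empty list if benign)."""
    action = flt.get("action", {})
    criteria = flt.get("criteria", {})
    findings = []
    # Forwarding to a domain the account owner does not control.
    forward = action.get("forward")
    if forward and forward.rsplit("@", 1)[-1].lower() not in own_domains:
        findings.append("forwards to external address " + forward)
    # Actions that keep matching mail out of the user's sight.
    hidden = []
    if "TRASH" in action.get("addLabelIds", []):
        hidden.append("deleted")
    removed = action.get("removeLabelIds", [])
    if "INBOX" in removed:
        hidden.append("skips inbox")
    if "UNREAD" in removed:
        hidden.append("marked read")
    if hidden:
        findings.append("hides matching mail (" + ", ".join(hidden) + ")")
        match = " ".join(
            str(criteria.get(k, "")) for k in ("from", "subject", "query")
        ).lower()
        hits = [s for s in WATCHED_SENDERS if s in match]
        if hits:
            findings.append("targets security senders: " + ", ".join(hits))
    return findings


def audit_filters(filters, own_domains=("example.com",)):
    """Map filter id -> findings, keeping only filters that were flagged."""
    report = {f["id"]: audit_filter(f, own_domains) for f in filters}
    return {fid: found for fid, found in report.items() if found}


# Constructed sample in the shape returned by users.settings.filters.list.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "no-reply@accounts.google.com"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f2", "criteria": {"query": "invoice OR password"},
     "action": {"forward": "drop@mailbox.invalid"}},
    {"id": "f3", "criteria": {"from": "news@example.org"},
     "action": {"addLabelIds": ["Label_12"]}},
]
```

Calling `audit_filters(SAMPLE_FILTERS)` flags `f1` and `f2` and leaves the ordinary labelling rule `f3` alone.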