New Phishing Warnings in GSuite

Phishing attacks continue to grow and criminals are getting more clever at tricking their potential victims. One way to do this is by creating an email account that displays the name of someone you know. The hope is that you glance at the familiar name and proceed to click a link or download an attachment, assuming it’s a trusted sender.

GSuite has developed an alert that detects when a similar sender name is paired with a different email address. We find this very encouraging here at Cyber Safe Workforce, as we teach our clients to take notice of this too. Here’s a screenshot of the alert.


The notice is bold and alerts you to the following:

  1. The name is the same as someone in your contact list
  2. However, the email address didn’t come from your organization
  3. GSuite couldn’t verify that it came from the email address listed in the message
  4. GSuite recommends verifying the email address by contacting the sender through a known means

We’re very encouraged by 1 and 4 and hopeful that this type of notice will limit successful phishing attacks. Were this an urgent request, the alert may be just what’s needed to cause someone to pause and further inspect the email. In our phishing recognition model, you absolutely must check the email address, not just the sender name. Further, even if the email address is what you expect, if the sender requests something valuable or out of character, you must verify before you supply.

Number 2 adds the “EXTERNAL EMAIL” notification. The external notification is important for information handling policies and procedures. If your workplace has a policy that personal email should not be used to conduct work (and it probably should), then this notice serves as a good reminder.

Number 3 may bring confusion instead of clarity. The average person is unaware of how email sender authentication works. Also, if 1 and 2 are in play, does the sender authentication piece really matter?

We’d love to know how this type of notification affects phishing rates. In the meantime, use these steps to educate your employees about phishing:

email safety

Step 1. Who sent the email?

Double check to see that the email came from an email address you know, not just a familiar sender name. If the email address looks strange, or it is from a friend that does not typically contact you at work, verify that it is legitimate before doing anything. Proceed to step 4.

Step 2. Was the email expected?

Were you expecting the email? Was it a follow-up to a meeting, a scheduled event, or is it a random email? Even if the email is from a known source, if it is unexpected or seems odd, proceed to step 4.

Step 3. What is the email requesting?

Is the email asking for personal information or something not typically requested?

Red flags for phishing emails include threats, urgency, promises that appear too good to be true, or content that is out of character for the sender. If in doubt, proceed to step 4.

Step 4. Verify the request.

If something seems fishy, confirm the email’s legitimacy before taking any action.

If the email is from someone you know, call the sender using a verified phone number (not a number supplied in an email).

If the email is from a company and it requests that you click a link, go to the company’s website via a trusted URL to conduct business. Do not click the link.

Are you interested in getting helpful tips like this to your employees on a regular basis? Ask about our Bite-sized Security Awareness service.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s