Gmails Excellent Security Procedures

The resent news of the spear phishing attach on Gmail users has highlighted some interesting points about Gmail and the security of it. The resent attack which is believed to have originated from China used the same old method of sending users an email that included a malware link which prompted them to enter their Gmail address and password. This info was apparently used to access and monitor their Gmail accounts illegally.



These types of phishing attacks from China are not new. China attacking Google is old news. What is news about this story is how quickly Google was aware of it which meant the numbers of users affected was very limited.



This was not a breach due to any vulnerability in Google’s security systems as it was an attack aimed at the user. This type of phishing attack could have come though any email system. It was up to the user to disclose the information not Google.



This has proven that Google has an excellent intrusion detection system that monitors and flags any unusual behaviour in its GMail accounts which it did in this case. If a UK GMail user had responded to the recent spear phishing e-mail and then their account was accessed from a Chinese IP address, Google will automatically alert this unusual activity to the account user.



In February Google added two-factor authentication for those that want it. Google added this for corporate users of Google Apps for Business in 2010 but now it has rolled out for everyone that wants to use it.



This enhanced verification is a bit like what you see on banking websites where you need your existing password and a special new second passcode to put a payment through. The second passcode is one that you don’t need to write down or memorise because it’s constantly changing. You generate this secondary password by either a smartphone app ‘Google Authenticator’ which is available for Android, iPhone, and BlackBerry or via a one-time text or call sent to a registered mobile. This system is nearly impossible to phish and protects GMail accounts from exposure even if the user did inadvertently disclose their login credentials.



Security has always been an area which Google invests a lot of time and research into. This recent incident has highlighted the level and success of Google’s security procedures and their understanding of online applications.



For more information about Google Apps Email visit Ancoris who are are a authorised Google Apps Reseller.