Hands-On G Suite for Administrators

Spoofing and authentication

Sometimes, we get messages that attempt to trick us into providing sensitive information by pretending to come from a trusted source. This is a very common and effective way of tricking members of the organization into leaking data or handing over their credentials.

The Spoofing and authentication section contains several measures to keep the team protected:

  • Protect against domain spoofing based on similar domain names: A common way to trick you into giving up your password is to show you a fake login page hosted on a domain that looks like yours (a lookalike domain, for example one with a digit swapped in for a letter). This option makes Gmail try to detect messages sent from such domains. You can choose whether it is best to keep the message in the inbox and show a warning next to it, or to move it to the spam folder directly.
  • Protect against spoofing of employee names: Enabling this flags messages whose sender display name matches the name of someone in your organization's directory, but whose address does not belong to your domain. This is how attackers impersonate an executive from an external or free mail account. By default, it keeps the message in the inbox and warns the user that the sender could not be confirmed, but it can be changed to Move email to spam instead; the message is then still reachable from the Spam folder if the user needs it.
  • Protect against inbound emails spoofing your domain: Attackers may attempt to steal information by sending messages that use your own domain as the origin. These carry a valid address belonging to a member of the organization, but they fail email authentication (SPF or DKIM) for your domain, because the attacker cannot sign mail as you. In this section, you can choose how to deal with these kinds of messages within your organization.
    By default, a warning is shown to users before they open these messages, but the messages remain visible in their inbox. As an administrator, you can change this to Move email to spam for messages that fail authentication for your domain. Make sure SPF and DKIM are correctly published for your own domain before tightening this setting; otherwise legitimate mail sent on your behalf by third-party services (mailing lists, CRM or ticketing tools) will fail authentication and be treated as spoofed.
  • Protect against any unauthenticated emails: This option targets all messages whose sender could not be verified by SPF or DKIM, regardless of which domain they claim to come from. Usually, no action is set by default, but it is recommended to change it to Move email to spam, or to Keep email in inbox and show warning, so that users are alerted to suspicious content.
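To make the four checks above concrete, here is a small model of them applied to constructed sample messages. It is an added example, not code from the book or from Google: the organization domain, the employee names, the admin policy per check and the sample headers are all assumptions, and the lookalike detection (homoglyph folding plus an edit-distance threshold) is one simple approach rather than Gmail's actual algorithm. The example also shows a point the settings rely on but do not spell out: an SPF or DKIM pass only vouches for the domain it was evaluated against, so a message from your domain is "authenticated" only when the pass is aligned with your domain.

```python
"""Model of the four Gmail spoofing/authentication checks, applied to
constructed sample messages. Illustrative code only (not Google's
implementation); ORG_DOMAIN, EMPLOYEES, POLICY and the samples are assumptions."""
import re
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                # assumed G Suite primary domain
EMPLOYEES = {"Alice Smith", "Bob Jones"}  # assumed directory display names
# Assumed admin choice per check: "warn" keeps the message in the inbox with a
# banner, "spam" moves it to the spam folder.
POLICY = {
    "similar_domain": "spam",
    "employee_name": "warn",
    "own_domain_unauthenticated": "spam",
    "unauthenticated": "warn",
}
# Character swaps attackers use to build lookalike domains (crude; a real
# detector uses a full confusables table).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalise(domain):
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Plain Levenshtein distance (dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_similar_domain(domain):
    """Lookalike of ORG_DOMAIN: identical after homoglyph folding, or one edit away."""
    if domain == ORG_DOMAIN:
        return False
    folded = normalise(domain)
    return folded == ORG_DOMAIN or edit_distance(folded, ORG_DOMAIN) <= 1


def parse_auth_results(header):
    """Extract SPF/DKIM verdicts and the domains they vouch for from an
    Authentication-Results header (RFC 8601 layout)."""
    def grab(pattern):
        m = re.search(pattern, header)
        return m.group(1).lower() if m else None
    mailfrom = grab(r"smtp\.mailfrom=([\w.@+-]+)")
    return {
        "spf": grab(r"\bspf=(\w+)") or "none",
        "mailfrom_domain": mailfrom.rsplit("@", 1)[-1] if mailfrom else None,
        "dkim": grab(r"\bdkim=(\w+)") or "none",
        "dkim_domain": grab(r"header\.d=([\w.-]+)"),
    }


def authenticated_for(domain, auth):
    """True only if a passing SPF or DKIM result is aligned with `domain`;
    a pass for some other domain does not count (DMARC-style alignment)."""
    spf_ok = auth["spf"] == "pass" and auth["mailfrom_domain"] == domain
    dkim_ok = auth["dkim"] == "pass" and auth["dkim_domain"] == domain
    return spf_ok or dkim_ok


def classify(msg):
    """Return (triggered checks, action) for a message given as a dict of headers."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    flags = []
    if is_similar_domain(domain):
        flags.append("similar_domain")
    if name.strip().lower() in {e.lower() for e in EMPLOYEES} and domain != ORG_DOMAIN:
        flags.append("employee_name")
    if domain == ORG_DOMAIN and not authenticated_for(domain, auth):
        flags.append("own_domain_unauthenticated")
    if auth["spf"] != "pass" and auth["dkim"] != "pass":
        flags.append("unauthenticated")
    # The strictest configured action among the triggered checks wins.
    if any(POLICY[f] == "spam" for f in flags):
        return flags, "spam"
    return flags, "warn" if flags else "deliver"


# Constructed sample headers (not real traffic).
SAMPLES = {
    "legit": {"From": "Alice Smith <alice@example.com>",
              "Authentication-Results": "mx.google.com; spf=pass smtp.mailfrom=alice@example.com; dkim=pass header.d=example.com"},
    "lookalike": {"From": "IT Helpdesk <it@examp1e.com>",
                  "Authentication-Results": "mx.google.com; spf=pass smtp.mailfrom=it@examp1e.com; dkim=pass header.d=examp1e.com"},
    "exec_outside": {"From": "Bob Jones <bob.jones@outsider.example>",
                     "Authentication-Results": "mx.google.com; spf=pass smtp.mailfrom=bob.jones@outsider.example; dkim=pass header.d=outsider.example"},
    "spoofed_own": {"From": "Alice Smith <alice@example.com>",
                    "Authentication-Results": "mx.google.com; spf=fail smtp.mailfrom=alice@example.com; dkim=none"},
    "no_auth": {"From": "Newsletter <news@vendor.example>",
                "Authentication-Results": "mx.google.com; spf=none; dkim=none"},
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label:13} -> {classify(msg)}")
```

Running it shows the legitimate internal message delivered untouched, the lookalike domain and the unsigned message claiming to be from your own domain sent to spam, and the outside message carrying an employee's display name kept with a warning. The alignment check in authenticated_for is the part worth keeping in mind when you read a real Authentication-Results header: spf=pass on its own tells you nothing about whether the From domain is genuine.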

It's recommended to run phishing simulations against your Gmail users at random intervals to train them to recognize, and act correctly on, the different kinds of phishing attacks described above.

Once or twice a month should be enough to keep everyone on the lookout for this kind of threat.