With the new measure in place, will we still see phishing attacks like the recently halted Google Docs scam?
Google has brought a new measure on board to enhance G Suite security that will provide administrators with greater ability to control third-party data access.
The OAuth apps whitelisting will also allow for enhanced visibility into how third-party applications are using user data with a focus on enterprises.
OAuth works by allowing administrators to choose which third-party apps have permission to access G Suite data of users.
These heightened security capabilities will be beneficial for tackling phishing email attacks, and this links to the recent high profile ‘Google Docs’ phishing attacks that have gained widespread attention in recent months.
The Google Docs attack marked a new level of sophistication for phishing attacks by using the psychological approach of encouraging the user to believe that a friend had sent them a Google Docs attachment.
Upon accessing the attachment, the user would be asked to give permission to the file, and the attack then gained control.
Millions of Gmail account users were caught off guard by the highly convincing trick, as it was replicated rapidly and widely across a body of close to a billion Gmail users. The problem was ongoing but Google has since reclaimed control.
Gmail has suffered from these problems consistently in recent months, with another attack beginning in January that contained an embedded image. The email would arrive from a familiar contact that has already been compromised by the attack.
The new abilities of attackers to easily personalise a phishing email has proven extremely effective in snaring vast numbers of users. Previously attackers would have had to rely upon acting as a reputable business or person, rather than using their own accounts.
Phishing is not the only simple form of cyber attack that has had caused major damage in recent times, with ransomware at the root of some of the most significant instances in recent times.