Google Using Authenticated Logos to Reduce Phishing
The attempt to lower the risk of email phishing continues, and this time Google is getting involved. Google will be testing out a new security feature, where they will use a brand’s authenticated logo in Gmail. Putting this new feature into effect will hopefully minimize scammers’ attempts for a phishing attack, which tries to get people to click on malicious links and/or give up their personal details. This will not only help keep Gmail safe, but also keep the entire ecosystem secure.
This new function follows the Brand Indicators for Message Identification (BIMI) standard, which will give recipients more confidence about where an email comes from. Google will be using BIMI with another technology, DMARC, which stops scammers from adjusting the sender address of an email to make it seem like it’s from a real source. The way it works is, BIMI will allow organizations, who first authenticate their emails using DMARC, to take ownership of their corporate logos. They will then be able to transmit them safely and securely to Google. In order to determine which logos are actually owned, Google is also using two Certification Authorities; Entrust Datacard and DigiCert.
“For organizations that want to create a trusted brand presence over email, BIMI is a great opportunity, incentivizing them to implement strong authentication, which in turn will lead to a safer, more trusted email ecosystem for everyone.”
– Seth Blank, Chair of the AuthIndicators Working Group, and Vice President, Standards and Technologies, Valimail
The BIMI pilot will get going within the next couple weeks, testing on a limited number of senders. If all goes well, organizations will then have the option of choosing whether they want to adopt this standard or not. For the end users, there isn’t much to look out for or do while this takes place, but to try to stay vigilant while Google tests this feature out is helpful. After all, it will benefit us all in the end!
Categorised in: IT Threat