Google will use authenticated logos to reduce Gmail phishing – The Verge

Google will trial a new security feature in Gmail that shows a brand’s logo as an avatar to help you know an email is genuine, the company has announced. The functionality uses the Brand Indicators for Message Identification (BIMI) standard, whose working group Google joined last year, and will be tested with a limited number of senders in the coming weeks.

According to Google, authentication with BIMI can make recipients more confident about the source of an email, which scammers try and obscure to get people to click on malicious links and/or give up their personal details in a phishing attack. Google will use BIMI in conjunction with another technology, DMARC, which tries to stop scammers from forging the “from” address of an email to pretend it’s coming from a legitimate source.

As Engadget notes, the technology is similar to verified badges social networks use for official celebrity and brand accounts. Google says it’s using two Certification Authorities to validate who owns any particular logo: Entrust Datacard and DigiCert. Google expects to make BIMI more widely available for brands to use in the coming months.

As well as its BIMI trial, Google also announced a host of other security measures for its video conferencing, chat, and enterprise software:

  • Google Meet is getting new controls to secure meetings. Uninvited guests will no longer be allowed to try and “knock” and rejoin a meeting after being kicked out of it, and users will also be blocked from being able to request to join a meeting after being denied multiple times. Hosts are also getting new safety controls to control who and how people can join meetings, and whether they can chat and present once joined.
  • Links sent via Chat will be flagged if Google thinks they’re malicious, and it also plans to introduce reporting and blocking tools for Chat Rooms.
  • G Suite admins are getting new and redesigned controls across its suite of services. Included are tools to make it easier to block certain apps from accessing G Suite data, managing company-owned Apple iOS devices, and new tools to prevent data loss.

For more on Google’s new security features in G Suite, check out Google’s full blog post.