We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Gmail users alerted to suspicious email activity

Feature identifies IP address emails are sent from

Google has laucnhed a new feature in its Gmail webmail service that will alert users if suspcious activity has taken place on their account.

Google hopes to help users combat email fraud and identity theft with the new feature.

Pavni Diwanji, engineering director for Gmail, described the following scenario in a post on the Official Gmail Blog.

"A few weeks ago, I got an email presumably from a friend stuck in London asking for some money to help him out. It turned out that the email was sent by a scammer who had hijacked my friend's account."

Many small and medium businesses - as well as an increasing number of larger companies - rely on the Gmail as their primary messaging platform.

A sharp rise in socially-engineered attacks and identity theft make Gmail account compromises a quickly growing concern.

Google has long had a security feature which displays the last login time for the account and whether or not the account is currently open in another location.

That information should be sufficient for users to identify most compromises or suspicious activity, but apparently it is not overt enough and many users don't pay attention to it.

The new Google approach monitors certain criteria and considers a range of user behaviour to try to identify activity which should raise red flags.

Diwanji explains: "To determine when to display this message, our automated system matches the relevant IP address, logged per the Gmail privacy policy, to a broad geographical location. While we don't have the capability to determine the specific location from which an account is accessed, a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert."

Diwanji summed up by reminding users to "keep in mind that these notifications are meant to alert you of suspicious activity but are not a replacement for account security best practices".

That is sage advice - particularly for IT administrators, and small and medium businesses that rely on Gmail.

The new suspicious activity alert is a nice feature, but it is not a comprehensive defense and does not enable customers to let their guard down. It is no silver bullet.

Businesses should ensure that users are aware of the new Gmail feature so they are not caught off guard if they see it. A process should be established for escalating the notification to management, or responding to suspicious activity alerts.

By developing a plan for what to do with the information, businesses can capitalise on the feature to augment existing security controls and protect Gmail accounts from fraud and identity theft.

See also: Google fixes Gmail sync tool for Outlook


IDG UK Sites

Amazon Kindle Voyage release date, price and specs UK: a high-end eReader with Amazon’s best-ever...

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

How to successfully bridge the gap between clients and creatives

IDG UK Sites

How to update your iPhone or iPad to iOS 8: including how to install iOS 8 if you don't have room