- This move by Google will curb phishing attacks via email
- It's a two-step security feature to validate clients using Google's G suites
Starting May 7, 2018, all G suite clients who currently sign-in with Security Assertion Markup Language (SAML) on provider's website, will be brought to a new screen on accounts.google.com to confirm their identity. This screen will provide an additional layer of security and help prevent users from unknowingly signing in to an account created and controlled by an attacker.
This move by Google is to fight phishing, which has become one of the dangerous cyber threats today, as it has the potential to hit finances of large multinational companies to a commoner like us.
"This new screen is intended to prevent would-be attackers from tricking a user (e.g. via a phishing campaign) into clicking a link that would instantly and silently sign them into a Google Account the attacker controls. Today, this can be done via SAML single sign-on (SSO), because it doesn't require a user interaction to complete a sign-in. To protect Chrome users, we've added this extra protection", the company said.
Google also added that user will not be asked to go for two-step verifications every time they try to login to their account. This security feature will ask user only once per account per device. Once he/she has been validated on a particular device, they will be never be asked to go through additional security checking.
What is phishing and how you can safeguard from it?
For those unaware, phishing is a very serious fraudulent practice of sending emails feigning to be from reputable companies or a person. Once they gain victim's confidence, they will persuade the unsuspecting user to reveal personal information, such as passwords and credit card numbers.
Sometimes, the user will be asked to press a link and he/she unsuspectingly click it, which then take them to an unreliable websites and lure them in to installing malware by popping warning messages on their PC (or any smart devices) screen that there is virus in the system and need to download anti-virus firmware immediately.
Again, fearing damage to their devices, naive individuals unsuspectingly click the download button and end installing a malware. Then, hackers take control of victims device and remote scan for sensitive information like financial data including bank accounts, credit/debit card details and sometimes personal photos and later sell them online or later call the victim to demand ransom for not to circulate their intimate photos in the public domain.
So, we advise our readers to be vigilant whenever they get an email from an unknown person or a company and never share any personal or banking details.