Google Introduces New Gmail ‘Verify it’s You’ Feature to Protect Users from Phishing Attacks
Phishing is everywhere!
Phishing is everywhere because it is an easy and inexpensive way for miscreants to steal your personal information. Here are some of the reasons why phishing is so prevalent and so successful:
- It is easy to create fake emails that look like they are from legitimate sources. Criminals can use email spoofing to make their emails appear to come from a trusted source, such as a bank or credit card company. This makes it more likely that people will open the emails and click on the links in them
- People are often not careful about clicking on links in emails. Many people are used to receiving emails from legitimate sources, such as banks and retailers. They may not think twice about clicking on a link in an email, even if they are not familiar with the sender.
- Phishing emails often contain urgent requests that make people feel like they need to act quickly. This can create a sense of urgency that makes people more likely to click on links or provide personal information without thinking carefully.
- Phishing attacks are constantly evolving. Criminals are always finding new ways to trick people into falling for their scams. This makes it difficult for people to stay ahead of the curve.
Google adds a new feature to help in the fight against phishing.
In its fight against phishing, Google recently (August 23, 2023) announced a new security feature for Gmail called “Verify it’s you.” This feature will prompt users to verify their identity when they attempt to perform certain sensitive actions, such as changing their password, enabling 2-step verification, or forwarding emails to another address.
Sensitive actions in Gmail fall under three categories:
- Filters: Creating a new filter, editing an existing filter, or importing filters.
- Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings.
- IMAP access: Enabling the IMAP access status from the settings.
The “Verify it’s you” prompt will also appear when Google detects that the user is trying to perform a sensitive action from a new or unusual device or location.
The new “Verify it’s you” feature is designed to help protect users from phishing attacks. Phishing attacks are a type of cybercrime where attackers send emails that appear to be from a legitimate source, such as a bank or credit card company. The emails often contain a link that, when clicked, takes the user to a fake website that looks like the real website. Once the user enters their login information on the fake website, the attacker can steal it.
The “Verify it’s you” feature can help protect users from phishing attacks by making it more difficult for attackers to gain access to their accounts. By requiring users to verify their identity before they can perform specific sensitive actions, Google can help to make sure that only the real user can access the account.
Google will “evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a ‘Verify it’s you prompt.’”
The “Verify it’s you” feature is rolling out now to all personal Google Accounts and Workspace customers. According to Google, everyone should have this feature by September 6, 2023. So, if you have not yet seen the prompt, you may see it soon.
Here are some tips for staying safe from phishing attacks:
- Be suspicious of emails that ask for personal information, such as your password or credit card number.
- Never click on links in emails from people you don’t know.
- Never click on links in emails that appear to be from banks or other financial institutions prompting you to “verify” your account or password.
- If you’re not sure if an email is legitimate, go directly to the website of the bank, financial institution, or company that sent the email.
- Use good security software like Emsisoft and keep it updated.
- Always use a strong password and wherever possible, enable 2-step verification for your accounts.
By following the tips above, and by being ever wary and vigilant, you can help to protect yourself from phishing attacks. And Gmail’s new “Verify it’s you feature”, adds another layer of protection for those of you who use Gmail.
Is this in addition to just having to sign in to Google to enable syncing across devices? I’ve been doing this for a year (a long time, at least). While it can be a pain, I feel rather secure that nobody can send email or get into my G-Drive stuff than me.
This does not involve syncing per se. See the article for what it does include.
It would be nice if Google would realize that not everyone in this Universe uses a smart phone that has texting. Yes, that would be me. I have and use a landline phone but Google insists that I enter the confirmation number sent to that landline phone. Could someone explain to the folks at Google that landline phones don’t use texting?
I will continue to ignore Google verification attempts.
You continue to ignore verification attempts at your own peril. “Verify it’s you” is not just for smartphones. It’s for Windows users, Chromebook users, Apple MAC users, smartphone users, Linux users — it’s for anyone with a Google account. You have an option to receive warning via a phone call – not just texts. Continuing to ignore warnings of account access attempts can certainly lead you your being phished. Be careful. We don’t want to see that happen to you.
Well it all sounds well and good until you find yourself (and not just I’m experiencing this ) stuck in an endless verify me loop – you have the correct password, 2FA etc, supply the verification code, and then Google tells you to wait 7 days…so you wait… then try and log in…then it tells you to wait some more days! Really, really frustrating, especially if you are creating time sensitive content for YouTube. I wish there were some solutions or at least some live help available rather than just useless Google help forums:(
I’ve never had that problem so I cannot tell you why you did. I have several accounts and have not had any problems.