Check Point Research (CPR) warns against blindly relying on the fact that Google's email inbox, GMail, intercepts all attacks and is therefore untouchable. Many companies of all sizes use Gmail or the larger Google Workspace. 92 percent of start-ups worldwide use Gmail and 60 percent of medium-sized companies also use it. More than 5 million companies use GMail.

GMail security under the radar

Nevertheless, a large part of the security discussion revolves around Microsoft and its operating system. That's certainly true, as security researchers at Check Point note, but it's time to talk about the security of GMail. Attackers aren't just targeting email, but the entire Google workspace, including popular applications like Docs and Slides.

Attack via collaborative Google tools

Avanan, which was acquired by Check Point, published an attack report on the Google Docs Comment exploit earlier this year. The attack occurred when an attacker added a comment to a Google Doc (or any part of the Google Workspace). The destination is mentioned with an @ symbol. This will automatically send an email to that person's inbox.

This email, which really comes from Google, contains the entire comment, including the contaminated links and fraudulent text. In addition, the email address is not displayed, only the sender's name, which makes it very attractive for copycat attackers. From the research, security researchers know that Google only achieves a mediocre result when it comes to preventing phishing emails from reaching the inbox.

Companies need additional support

These results prove that Gmail may be a good mailbox, but blindly relying on standard protection is negligent. Specialized providers of email security solutions are therefore not superfluous, but rather the means of choice for keeping every company's correspondence and data secure.

Conclusion

Google, GMail and other collaborative Google tools play an important role in companies. However, attackers can tag users in companies using the @ function in comments and thus trigger an email with malicious content to them. Google's defense mechanisms do not reliably filter out such fraudulent emails. Security experts say it is negligent for a company to rely solely on the Google security architecture.

You might also be interested in: WhatsApp: Innovations for group chats being planned

Source: Press portal


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )