How to Prevent Phishing and Spoofing Attacks and Implement Advanced Malware Protection

Email advanced safety features

 

As an administrator, you can protect incoming mail against phishing and harmful software (malware). You can also choose what action to take based on the type of threat detected. 

Advanced security settings

  • Attachments—Protection against suspicious attachments and scripts from untrusted senders. Includes protection against attachment types that are uncommon for your domain, which can be used to spread malware.
  • Links and external images—Identify links behind short URLs, scan linked images for malicious content, and display a warning when you click links to untrusted domains.
  • Spoofing and authentication—Protection against spoofing of domain names and employee names, email pretending to be from your domain, and unauthenticated email from any domain. Unauthenticated emails display a question mark next to the sender’s name. Spoofing protection can be turned on for private groups, or for all groups.

With advanced settings, you can:

  • Automatically turn on and apply future recommended settings. This ensures maximum protection for email and attachments for your domain.
  • Provide the strongest level of protection for a domain or organizational unit by turning on all security options.
  • Customize security settings by checking only the options you want to turn on. Unchecking all options turns off all advanced security settings for the domain or organizational unit.
  • Specify an action for each security option you turn on. If you don’t select an action, the default action is applied to the security option.

Note: These advanced security settings work independently of other spam rules.

Note: Warning banners (yellow box) appear only in Gmail web. Third-party apps do not display a warning banner.

 

How selected actions impact users

 

Below is the list of actions you can select under each advanced security setting:

  • Keep email in inbox and show warning (Default) - Messages are delivered to the user's inbox. The user sees a warning banner about the message. Users can open and read the message with this option.
  • Move email to spam - Messages are delivered to the user's spam folder. Users can go to the spam folder and open and review spam messages. Users can mark messages as "not spam" if applicable.
  • Quarantine - When this action is selected, users don't see anything. Messages are sent to the admin quarantine, where the admin reviews them to determine whether or not they are safe and can then "Allow" a message to be delivered to the user's inbox.

Find the Advanced Safety Settings

  • From the Google Workspace Admin console, go to Apps.
  • This opens Google Workspace; then select Gmail.
  • This opens the Gmail settings; from there, select Safety.
  • Here you can scroll down to see the different advanced security/safety settings and configure them accordingly.

Let’s go through each advanced security setting:

1) Turn on attachment protection

  • In the Safety section, scroll to Attachments.
  • Select the setting and action you want to apply to incoming emails
    • Protect against encrypted attachments from untrusted senders - Protect against attackers who use encrypted attachments, which can't be scanned for malware.
    • Protect against attachment with scripts from untrusted senders - Protect against documents that contain malicious scripts that can harm your devices.
    • Protect against anomalous attachment types in emails - Protect against attachment file types that are uncommon for your domain. Uncommon and archaic file types can be used to spread malware.

      You can allowlist uncommon file types that you approve and that are regularly sent to your domain. Messages with allowlisted file attachments are delivered to the recipient's inbox.


    • Apply future recommended settings automatically -  When we add new, recommended security settings for attachments, those settings are turned on by default.

Choose the appropriate actions according to your domain policies and preferences.

2) Turn on suspicious email link protection for IMAP users

If users in your organization send and receive email using supported, third-party IMAP email clients, we recommend you turn on link protection for IMAP clients.

When link protection is on for IMAP clients, clicking a link in a recent message starts a malicious link check. If no malicious links are detected, the recipient is taken to the destination. For older messages, a window might appear, and you can tap or click to open the link.

3) Turn on external images and links protection

  • In the Safety section, scroll to Links and external images.  
  • Select the desired security settings.
    • Identify links behind shortened URLs - Allow discovery of harmful links hidden behind shortened URLs.
    • Scan linked images - Allow scanning of images referenced by links to find hidden malicious content.
    • Show warning prompt for any click on links to untrusted domains - Gmail displays a warning when you click a link to untrusted domains in any email message. If this feature isn't on, warnings only appear for clicks to untrusted domains from suspicious emails.
    • Apply future recommended settings automatically - When we add new, recommended security settings for links and external images, those settings are turned on by default.

4) Turn on spoofing and authentication protection

  • In the Safety section, scroll to Spoofing and Authentication.
  • Select the settings and actions you want to apply to incoming emails. See details below.
    • Protect against domain spoofing based on similar domain names - Protect against incoming messages from domains that appear visually similar to your company's domains or domain aliases.
    • Protect against spoofing of employee names - Protect against messages where the sender's name is a name in your Google Workspace directory, but the email isn't from your company domain or domain aliases.
    • Protect against inbound emails spoofing your domain - Protect against potential Business Email Compromise (BEC) messages not authenticated with either SPF or DKIM, pretending to be from your domain.
    • Protect against any unauthenticated emails - Protects against messages that are not authenticated. Messages must be authenticated (by any domain) with either SPF or DKIM (or both).



    • Protect Groups from inbound emails spoofing your domain - Protect your Google Groups from inbound emails spoofing your domain. You can apply this setting to all groups or to private groups only.
    • Apply future recommended settings automatically - When we add new, recommended security settings for spoofing and authentication, those settings are turned on by default.

Choose the appropriate actions according to your domain policies and preferences.
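
To make the four spoofing and authentication checks above concrete, here is an added illustration (not Gmail's implementation and not part of the original article) that applies the same rules to message headers. The domain, directory name, similarity heuristic and sample messages are assumptions constructed for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAINS = {"example.com"}        # assumption: your domain and aliases
DIRECTORY_NAMES = {"alice nguyen"}   # assumption: display names in your directory

def authenticated(msg):
    # Assumes Authentication-Results was stamped by your own receiving server;
    # a copy supplied by the sender must not be trusted.
    results = " ".join(msg.get_all("Authentication-Results", []))
    return bool(re.search(r"\b(spf|dkim)=pass\b", results, re.I))

def looks_similar(domain, own):
    # Crude stand-in for visual similarity: undo 0/o, 1/l and rn/m swaps,
    # then fall back to a near-identical string ratio.
    skeleton = domain.translate(str.maketrans("01", "ol")).replace("rn", "m")
    close = SequenceMatcher(None, domain, own).ratio() >= 0.9
    return domain != own and (skeleton == own or close)

def classify(raw):
    """Return which of the four spoofing/authentication checks a message trips."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = authenticated(msg)
    hits = []
    if any(looks_similar(domain, d) for d in OWN_DOMAINS):
        hits.append("similar-domain")
    if name.lower() in DIRECTORY_NAMES and domain not in OWN_DOMAINS:
        hits.append("employee-name")
    if domain in OWN_DOMAINS and not auth:
        hits.append("own-domain-unauthenticated")
    if not auth:
        hits.append("unauthenticated")
    return hits

# Constructed sample messages (headers only).
LOOKALIKE = ('From: "Alice Nguyen" <alice@examp1e.com>\n'
             "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com\n\n")
SELF_SPOOF = ('From: "IT Support" <it@example.com>\n'
              "Authentication-Results: mx.example.com; spf=fail; dkim=none\n\n")
PARTNER = ('From: "Bob" <bob@partner.org>\n'
           "Authentication-Results: mx.example.com; dkim=pass header.d=partner.org\n\n")

if __name__ == "__main__":
    for label, raw in [("lookalike", LOOKALIKE), ("self-spoof", SELF_SPOOF), ("partner", PARTNER)]:
        print(label, classify(raw))
```

The lookalike sample passes SPF for its own domain, which is why the similar-domain and employee-name checks are needed in addition to the authentication checks.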

Please note that for the settings where you need to choose an action, it is always recommended to choose the maximum possible level of action (quarantine) as far as security is concerned.

However, you can choose the options that fit your domain policies and preferences.

For more information please refer to the link

.