Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Google makes important Workspace change to prevent phishing

Google has made an important change to how it displays comment notifications for Workspace apps, like Docs, to prevent phishing and protect users from malware. This change makes it safer for users to collaborate remotely without worrying about hacks and other types of malicious attacks, and the change is notable at a time when more people are working, learning, and collaborating from home during the global health pandemic.

With the new notification change, Google is now including the full email address of the collaborator in its notification when you receive an @mention, making it easier to safely identify your collaborator and trusted contacts.

Chromebook2 on table.

In the past when a collaborator inserts an “@mention” note to Google Workspace apps, you would get an email in your inbox notifying you that someone has made a change to your document. The problem, however, is that the email notification only contains the commenter’s name and not their email address, making it easy for malicious attackers to target users pretending to be someone who you know and trust. Google’s change should make it easier for you to confirm your collaborator by being able to see the commenter’s email address.

“When someone mentions you in a comment in a Google Workspace document, we send you an email notification with the comment and the commenter’s name,” Google explained of the change. “With this update, we are adding the commenter’s email address to the email notification.”

Google is rolling out the feature now, and it could take up to 15 days for the update to show up for everyone. There are no additional steps users or IT administrators will need to take, according to Google’s Workspace support document. The feature will roll out to all Google accounts, including personal Google accounts as well as legacy G Suite and Business accounts.

“We hope that by providing this additional information, this will help you feel more confident that you’re receiving a legitimate notification rather than a spam or phishing attempt by a bad actor,” Google added.

As more companies begin to or continue to adopt hybrid and remote work environments, technology companies are also stepping up their efforts to help prevent malicious attacks. In addition to Google’s latest efforts to protect Workspace users, last year Microsoft released a new feature for its Teams collaboration platform that makes it more difficult for hackers to steal your personal data by sending look-alike web pages. Microsoft stated that phishing is responsible for nearly 70% of data breaches in its Digital Defense report, and recent changes made by tech companies like Google will ultimately help to keep users safe so as long as they remain vigilant and practice basic security hygiene when it comes to handling unknown links and emails from unknown senders.

Editors' Recommendations

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
This dangerous new hacker tool makes phishing worryingly easy
Computer user touching on Microsoft word icon to open the program.

Setting up phishing campaigns for Microsoft 365 has become a relatively straightforward process due to a phishing-as-a-service (PhaaS) platform named Caffeine.

As reported by Bleeping Computer, the service offers a way for cybercriminals to target individuals in order to obtain access to their Microsoft 365 accounts.

Read more
Google Chrome tops this list of most vulnerable browsers
Google Chrome logo appears over photo of laptop with chart of vulnerabilities.

According to a recent report, Google Chrome is the most vulnerability-ridden browser of all the major players. Chrome also happens to be the most popular browser in the world, accounting for over 60% of usage according to most sources, which means that a larger number of people are at risk until the bugs are fixed.

Every browser suffers from these security weaknesses from time to time, including the increasingly popular Apple Safari, Microsoft Edge, and Mozilla Firefox, but Chrome has had a startlingly high number of weaknesses in 2022. The vulnerability report from Atlas VPN summarized data found in the VulDB vulnerability database. In this year alone, 303 vulnerabilities have been detected in Google Chrome. Firefox came in a distant second with 117, while 103 were found in Edge, and only 26 in Safari.

Read more
New phishing method looks just like the real thing, but it steals your passwords
A MacBook with Google Chrome loaded.

Thanks to a new phishing method, hackers could steal all sorts of personal information by simply mimicking real login forms in Application Mode. This is a feature that's available in all Chromium-based browsers, which includes Google Chrome, Microsoft Edge, and Brave.

Using Application Mode allows threat actors to spread highly believable-looking local login forms that look like desktop applications. In reality, all inputs are sent to a malicious attacker.

Read more