Google has come up with a new way to alert you about potential hacks on your user account.
On Wednesday, the company debuted the redesigned “critical alert” notification, which should be impossible for hackers to spoof.
Unlike an email message, the alert can pop up directly over any Google app you’re using as its own unique notification. When you click through it, Google will tell you it’s possible a hacker may have broken into your account. You can then lock down access and boot the potential intruder out.
“When we detect a serious Google Account security issue, we’ll automatically display an alert within the Google app you’re using and help you address it—no need to check email or your phone’s alerts,” wrote Google Vice President Rahul Roy-Chowdhury in a blog post today.
“The new alerts are resistant to spoofing, so you can always be sure they’re coming from us,” he added. “We’ll begin a limited roll out in the coming weeks and plan to expand more broadly early next year.”
According to The Verge, the new alerts will first arrive for iOS users. The redesign builds on top of Google’s current safeguards, which can already use Android push notifications to alert you about unauthorized sign-ins to your account.
In addition, Google will use email messages to tell users about suspicious login attempts that have been prevented. However, the email-based alerts can be easily overlooked when they appear in the user’s inbox alongside numerous other emails.
The other problem is hackers, who can also create fake email alerts pretending to be Google. This happened during the 2016 presidential race when suspected Russian hackers targeted Hillary Clinton aides with spoofed email messages from Google, warning them their passwords had been stolen. The spoofed messages then told the aides to change their passwords by clicking on a link, but doing so actually handed the hackers access to their Gmail accounts.
Google’s security team is well aware of the phishing threat. As a result, the company is experimenting with placing “badges” in the Gmail inbox to distinguish official messages from the company.
“So I definitely expect to see a differential surfacing, or channel, being made available for security notifications to make them much, much harder to miss,” added Jonathan Skelker, Google product manager.