Lauren Weinstein
@lauren@mastodon.laurenweinstein.org  ·  activity timestamp 5 days ago

Significantly more than half of the phishing attempts I see now come from #Google email servers (as proven by the top Received: header line), typically #Gmail. An even larger percentage of the payloads (e.g. "click this link") for these -- closer to 75% these days -- point to GCP (Google Cloud Platform) instances (e.g. via googleapis.com). Google puts a lot of effort into detecting incoming spam and phishes (with varying success) but has become a veritable firehose of such garbage sent to non-Gmail addresses.
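
An added example, not part of the original post: one way to run the tally described above over saved messages, reading the peer name from the topmost Received: header and checking link hosts against googleapis.com. It assumes Postfix-style Received: formatting written by your own MX; the sample messages, hostnames and helper names are constructed for illustration.

```python
import re
from contextlib import suppress
from email import message_from_string
from urllib.parse import urlsplit

# Assumed Postfix-style hop: "from <helo> (<rdns> [<ip>]) by <our-mx> ..."
# Only the parenthesised rDNS/IP is recorded by our own MX; HELO is sender-chosen.
TOP_HOP = re.compile(r"from\s+\S+\s+\(([^\s\[\]()]+)\s+\[[^\]]+\]\)", re.I)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def in_domain(host, domain):
    # Match on a label boundary so "googleapis.com.example.net" does not count.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def top_relay(msg):  # rDNS of the peer in the topmost Received: header, or None
    hops = msg.get_all("Received") or []
    m = TOP_HOP.search(" ".join(hops[0].split())) if hops else None  # unfold
    return m.group(1) if m else None

def link_hosts(msg):
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL.findall(body):
            with suppress(ValueError):  # skip malformed URLs
                hosts.add(urlsplit(url).hostname or "")
    return hosts

def classify(raw):
    msg = message_from_string(raw)
    return {"google_relay": in_domain(top_relay(msg), "google.com"),
            "gcp_link": any(in_domain(h, "googleapis.com") for h in link_hosts(msg))}

def hop(helo, rdns, ip):  # folded Received: header for the constructed samples
    return f"Received: from {helo} ({rdns}. [{ip}])\n\tby mx.example.net with ESMTPS\n"
G = ("mail-sor-f41.google.com", "mail-sor-f41.google.com", "192.0.2.41")
SAMPLES = [  # constructed (documentation IPs, made-up hosts), not real mail
    hop(*G) + "Subject: Order\n\nView https://storage.googleapis.com/b/i.html\n",
    hop("mail.google.com", "host9.example.org", "198.51.100.9")  # HELO lies
    + hop(*G) + "Subject: Bill\n\nPay https://googleapis.com.example.net/p\n",
    hop(*G) + "Subject: Renewal\n\nCall us if this was not you.\n",
]

def tally(raws):
    rows = [classify(r) for r in raws]
    return sum(r["google_relay"] for r in rows), sum(r["gcp_link"] for r in rows)
```

Only the first Received: header is trusted here because lower ones are supplied by the sender; the second sample carries a Google hop below a non-Google top hop and is not counted.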

Peter Ludemann
@PeterLudemann@mathstodon.xyz  ·  activity timestamp 4 days ago

@lauren Not to defend Google, but when I worked on Yahoo! Mail, one of our biggest sources of spam was Yahoo! Groups (and, yes, we did talk with them about outgoing spam).
"Whack-a-mole" barely describes what it's like to work on spam ... someone described it like this: Imagine a large room with a tiny hole in one of the walls, and behind that hole is some sugar; put ants in the room and eventually one of them will discover the sugar and in an eyeblink all the ants are there.

Lauren Weinstein
@lauren@mastodon.laurenweinstein.org  ·  activity timestamp 4 days ago

@PeterLudemann For a lot of this stuff that really doesn't wash -- and I've pointed that out directly to the team as well (recently). So many of these would be trivial to detect on egress without even needing the dubious talents of Gemini. The vast majority are impersonations of legit major firms, and include bogus contact information that could be easily captured. Most are "call us at this number for help" type scams where they phish for financial information if they're called. I'm unconvinced that G is putting any significant effort into this area (outbound abuse) given the continuous stream of them to non-Gmail destinations and the ease with which they could be stopped.

Peter Ludemann
@PeterLudemann@mathstodon.xyz  ·  activity timestamp 4 days ago

@lauren Not to disagree with you that Something Should Be Done; but with spam, nothing is "simple" or "obvious". And it's impressive how fast spammers figure out how to get around the latest antispam tactic. For outgoing spam, many of the techniques used for incoming spam are not available - although other techniques can be used (whether they are sufficient is another question).

Lauren Weinstein
@lauren@mastodon.laurenweinstein.org  ·  activity timestamp 3 days ago

@PeterLudemann I stand by my statement regarding Google's massive failure when it comes to outbound messages from Gmail to non-Gmail systems. And of course keep in mind that I do have some understanding of how those G systems work (or at least used to work) internally, so I have some concept of what's at least possible. But you know as well as I do that nobody wants to work on the legacy systems at G since they're not career ladder enhancing.

Lauren Weinstein
@lauren@mastodon.laurenweinstein.org  ·  activity timestamp 3 days ago

@PeterLudemann And within seconds of my writing the above, a would be easy to detect typical "your order was processed, call us if it wasn't you" phish arrived courtesy of Google Calendar.

Peter Ludemann
@PeterLudemann@mathstodon.xyz  ·  activity timestamp 4 days ago

@lauren A members-only Google Groups that I belong to has been hit with spam from Gmail - the spammers seem to have figured out how to use a compromised Gmail account to request joining and then send spam for furnace duct cleaning, of all things. Our solution has been to manually moderate all new members; fortunately, this hasn't been a huge burden but it turns out that validating Gmail accounts is non-trivial and that even smart computer-savvy people are remarkably unable to follow simple (dare I say "common sense") instructions.

Lauren Weinstein
@lauren@mastodon.laurenweinstein.org  ·  activity timestamp 4 days ago

@PeterLudemann Groups and Calendar are now routinely leveraged for outbound spam and phishes.

ahoyboyhoy
@ahoyboyhoy@floss.social  ·  activity timestamp 5 days ago

@lauren time to blacklist them?

Lauren Weinstein
@lauren@mastodon.laurenweinstein.org  ·  activity timestamp 5 days ago

@ahoyboyhoy Utterly impractical.
