G-Suite End-Users Hardened Against Phishing Attacks with BIMI
Phishing attacks are emails that attempt to trick the user to click on a hyperlink to access a system they shouldn’t. In order to convince the user to click, hackers will often include the business logos of trusted brands to bestow a feeling of legitimacy and importance.
On July 21, 2020, Google announced a new security feature that’ll be rolled-out to G-Suite users to help protect them from these kinds of attacks.
The feature implements an emergent email standard called Brand Indicators for Message Identification (BIMI) and its function is to uniquely verify the use of corporate logos using the DMARC system - the same system that’s used to validate the authenticity of an email sender.
Emails delivered to Google’s mail system are scanned for fraud and abuse. Under BIMI, a registered brand logo will be validated and presented to the G-Suite end user in the round avatar slot aside an email. It’s a visual cue that both re-affirms brand-trust and indicates safety to the end user.
Messages that fail validation for the use of a corporate logo are filtered from the end user.
The technical side of BIMI requires email senders to:
use SPF and DKIM, and to publish a specific DMARK enforcement policy for the domain of either “p=quarantine” or “p=reject”.
register their logo with the BIMI working group and publish a BIMI record;
acquire a Verified Mark Certificate for their logo (a Google-specific requirement currently offered by only Entrust, DataCard, and DigiCert).
All of these controls benefit the G-Suite user as fraudulent use of corporate logos would potentially be filtered, making their use within spam and phishing attacks useless.
Google intends to implement this feature (and many others related to mail safety) over the next year.
