Safer Internet Day: 5 tips to combat threats in Gmail

In the context of Safer Internet Day, and given the rise of credential theft as the main attack vector in the region, these tips aim to help users detect phishing attempts and strengthen the protection of their Gmail accounts against increasingly sophisticated threats.

According to Mandiant’s M-Trends 2025 report, credential theft (18%) surpassed phishing (16%) as an attack vector in the Americas, second only to vulnerability exploitation (28%). The study indicates that the average detection time in the region is 10 days, dropping to just 6 days in ransomware cases. It also highlights that 62% of ransomware victims in the region only become aware of the intrusion when notified by the attacker, underscoring the urgent need for proactive defenses.

Phishing messages typically request personal or financial information and demand urgent actions, such as clicking on links or downloading software, with the aim of deceiving the victim. They exploit false trust, as they appear to originate from trusted organizations (such as banks, social media platforms, or workplaces) or from known individuals (such as family members, friends, or colleagues).

Recommended steps to identify deceptive requests and protect your Gmail account:

1: Perform rigorous sender validation

Before any interaction, verify that the email address and display name match. Beware of domains that mimic well-known brands with subtle character alterations. If you receive a suspicious email requesting personal information, report it as phishing, and emails from that sender will be directed to your spam folder.
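As an added illustration of this check (not code from Google or from the original article), the following Python example parses a From: header, compares the brand named in the display name with the domain of the address, and flags domain labels that imitate a brand through character substitution. The TRUSTED brand list, the LOOKALIKE character map, the function names and the sample headers are all assumptions constructed for the example.

```python
from email.utils import parseaddr

# Assumption: brands this mailbox expects, with their legitimate sending domains.
TRUSTED = {"google": {"google.com"}, "paypal": {"paypal.com"}}
# Constructed, non-exhaustive map of ASCII look-alike characters (0->o, 1->l, ...).
LOOKALIKE = str.maketrans("0135", "oles")
# Constructed sample From: headers, not taken from real mail.
SAMPLES = [
    'Google <no-reply@accounts.google.com>',
    '"PayPal Support" <service@paypa1.com>',
    'Google Security <alert@google.com.account-verify.example>',
]

def skeleton(label):
    """Fold common look-alike spellings so 'paypa1' compares equal to 'paypal'."""
    return label.translate(LOOKALIKE).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return findings for one From: header value (empty list = nothing flagged)."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ["no parsable sender address"]
    labels, findings = domain.split("."), []
    if any(l.startswith("xn--") or not l.isascii() for l in labels):
        findings.append(f"{domain}: punycode or non-ASCII label, check for homoglyphs")
    for brand, legit in TRUSTED.items():
        if any(domain == d or domain.endswith("." + d) for d in legit):
            continue  # the address really is on this brand's own domain
        if brand in name.lower():
            findings.append(f"display name claims {brand} but address is at {domain}")
        for label in labels:
            if label == brand:
                findings.append(f"{domain}: '{brand}' is a label of an unrelated domain")
            elif skeleton(label) == brand or edit_distance(label, brand) == 1:
                findings.append(f"{domain}: label '{label}' imitates '{brand}'")
    return findings

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "nothing flagged")
```

Matching at edit distance 1 misses transposed letters, and Unicode homoglyphs are only flagged for inspection rather than resolved to the brand they imitate.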

2: Scan links

Use the preview function when hovering over hyperlinks. If the destination URL doesn’t match the message context or uses suspicious URL shorteners, avoid clicking. Google has implemented link protections in all official Gmail clients (Web, Android, iPhone, and iPad) to protect users from links to harmful websites.

3: Carefully analyze requests for confidential data

Financial institutions and government services never request confidential information, such as passwords, credit card numbers, or personally identifiable information, via email. For secure transmission of this information, it is recommended to use Confidential Mode and End-to-End Encryption. Confidential Mode allows sent messages to have an expiration date and prevents the recipient from copying, forwarding, or printing the content. End-to-End Encryption is a security standard that ensures data remains encrypted both during storage (at rest) and during transmission between data centers (in transit).

4: Enable multi-factor authentication (MFA)

Turn on Multi-Factor Authentication (MFA), a robust final layer of protection designed to prevent unauthorized access to a user’s account, even in the most critical situations where login credentials (username and password) have been completely compromised. This means that even if a phishing attack is successful and the cybercriminal manages to obtain the user’s valid credentials, they will be denied access to the account.

5: Pay attention to alerts

Gmail uses machine learning models to display alerts on suspicious messages. Users should heed these alerts and report the content immediately. Additionally, if an email is identified as phishing or appears suspicious, it may be marked with a warning or automatically moved to the spam folder. Manually transferring an email to the spam folder sends a copy of the message and all attachments to Google for analysis and to protect users from spam and abuse.

Advanced Protection Against Online Threats

Under a Zero Trust model that continuously verifies every access, Gmail’s defense technologies block over 99.9% of spam, phishing, and malware. Thanks to the implementation of new AI models, which now detect 20% more spam and process a massive volume of daily reports, the platform identifies threats in real time to protect devices against malicious links and files. To maximize this security, users are encouraged to adopt alternatives such as Passkeys and actively report attacks.

Source: www.itsitio.com