A couple of months ago, it was reported that a Google Docs phishing scam was making its rounds on the internet. While such scams aren’t particularly new, what made this particular scam so dangerous was the fact that it appeared to be pretty convincing, but it looks like Google is trying to do their part in preventing it from happening again.In an post on its blog, Google has announced updated security measures that they will be putting into place for its G Suite of apps, one of which is OAuth apps whitelisting which according to Google, should help to prevent phishing attempts in the future. “OAuth apps whitelisting helps keep your data safe by letting admins specifically select which third-party apps are allowed to access users’ G Suite data.”
“Once an app is part of a whitelist, users can choose to grant authorized access to their G Suite apps data. This prevents malicious apps from tricking users into accidentally granting access to their corporate data.” For those who aren’t too sure what this means, basically it means that IT administrators will now be able to allow access by third-party apps only if they have been whitelisted, which should in theory provide a greater degree of control.
It will also help to reduce any accidental instances where an employee might grant access to an unauthorized third-party app, which could lead to information being stolen in a phishing attempt. According to Google, the feature is being rolled out in phases over the next few days, so IT administrators can expect to find it in the Admin console pretty soon, if not already.