In May this year, a phishing scam tricked people with what appeared to be Google Docs links and compromised their accounts by giving untrustworthy third-party apps access to their information. While the search giant took care of the situation when the scam was spread initially, it has now introduced more controls to the G Suite admins that will allow them to prevent users from installing third-party apps that might be malicious.
With the latest G Suite update, the search giant has added a new security feature, called OAuth apps whitelisting, which improves data access control and enhances phishing prevention, Reena Nadkarni, Group Product Manager, G Suite, said in a blog post. The new feature essentially allows the admins to specifically decide which third-party apps are allowed to access users' G Suite data.
"Once an app is part of a whitelist, users can choose to grant authorised access to their G Suite apps data. This prevents malicious apps from tricking users into accidentally granting access to their corporate data," Nadkarni said in her post.
With this update, the admins will get "fine-grained" visibility into the third-party apps that are accessing G Suite data, Nadkarni says. The search giant says that the update will be rolled out in phases and should show up for admins over the next few days.
To recall, the Google Docs phishing scam was hard to detect in comparison with earlier scams as it made use of authentic Google login to access to users' information.