Prevent and Guard Phishing Attacks on G Suite

Help your users avoid phishing attacks by implementing the Password Alert extension to your domain. Password Alert will detect and notification shall be received by Admin if users enter their Google password into any website other than Google Sign-in page accounts.google.com.

In addition to the default features of  Chrome, Admin can deploy the Password Alert Server to enable the option password alert audit report, send email alerts, and force end-users to change their Google password if entered into a non-trusted webpage.

To deploy the Password Alert extension and server for a Google Cloud domain you manage, refer to the Password Alert Deployment steps. Follow critical steps required for a successful deployment of Password Alert:

-Configuring and deploying the Password Alert Server hosted on the Google Server

-Configuring and deploying the Password Alert Chrome extension and rules

-Using the Password Alert Admin interface

-Deploying the Password Alert best practices

Password Alert Server Requirements

Admin needs the following items before you install Password Alert:

G Suite: Admin needs to be able to use Chrome App Management and the Google Admin SDK. These services are needed to deploy the extension and to force password resets.

Google App Engine needs to be installed. The Password Alert Server application shall need to be hosted on the Google App Engine.

Access to GitHub: need to access GitHub to acquire the Password Alert pre-built Server application files. Admin can also choose to compile and view the source code.

Access to the Chrome Web Store: need to access the Chrome Web Store to install the Password Alert Chrome extension.

End-User Requirements

Password Alert only begins working for each user after they log in to their Google Cloud account on their trusted Chrome browser. Each user must:

-Sign in to their Chrome: Users will need to sign in to their Google Cloud account on their Chrome browser. You can remove this requirement by setting a pre-shared key and then deploy the extension and a policy template to your device managed through your corporate account.

-Sign in to Google Account: Users will need to re-sign into accounts.google.com to initialize Password Alert. Users are automatically prompted to sign in every two weeks. Admin can also configure the code for the prompt installation of users to sign in to accounts.google.com immediate basis.

Please note, The Password Alert feature is not supported by the G Suite support team. Password Alert is an open-source solution to be installed, run, and maintained by each G Suite Domain.

To Guard Phishing Attacks, we need to install additional Protection Program

To begin with, Advanced Protection is recommended for anyone who is targeted via online attacks such as journalists, activists, business leaders,  IT admins, public figures and the like. Targeted attacks could be low in volume, carefully crafted and designed, phishing attacks, often personalized to individuals, and can be hard to differentiate from legitimate activity. To guard against these attacks need built-in security keys in every individual phone, laptop, and computer that could be MAC or Android or iPhone.