Google now blocks Workspace account hijacking attempts automatically

Google Workspace (formerly G Suite) now has stronger protections for risky account actions, automatically blocking hijacking attempts with identity verification prompts and logging them for further investigation.

This added layer of security will block threat actors who gain access to a user’s account to protect personal data and sensitive information belonging to their organization.

The enhanced account protection capabilities are available to all Google Workspace customers, including legacy G Suite Basic and Business customers.

“Google will evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a ‘Verify it’s You’ prompt,” Google said.

“Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action.”

For instance, this new feature would block sensitive actions such as attempts to change the account’s name until “the true account owner can verify that this was intentional.”

Admins can disable it for users stuck behind login prompts

Google added that admins could also temporarily disable login challenges triggered on sensitive account actions for users who can’t get past the verification prompts.

“In the Admin console under Users > ‘UserName’> Security, admins can toggle login challenges OFF for ten minutes if a user gets stuck behind a ‘verify it’s you prompt’,” the company explained.

“We strongly recommend only using this option if contact with the user is credibly established, such as via a video call.”

It’s also important to mention that this feature only supports users using Google as their identity provider, blocking actions taken within Google products, with SAML users not being supported now.

This update builds on a previous Google Workspace security improvement announced in June, with new alerts added to inform of critical and sensitive changes to admin accounts.

Google has further secured Workspace users from attacks by rolling out new Google Drive warning banners in January to warn them of potentially suspicious files used for malware delivery and phishing attacks.

One year ago, in June 2021, the company also added new Google Drive phishing and malware protections for enterprises that automatically mark all suspicious files, making them only visible to admins and owners.

Source :