Threat types

Security health page

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus. Compare your edition

The security health page enables you to address many types of security threats—for example, malware, data exfiltration, data leaks, and account breaches. For descriptions of these security threats, see the sections below. 

Note: The threat types displayed on the security health page will vary depending on your Google Workspace edition.

Data exfiltration

Data exfiltration is the unauthorized copying or transfer of data out of your domain. This transfer may be conducted manually by someone with access to resources within your organization, or the transfer may be automated and carried out through malicious programming in your network. For example, the data can be stolen through a breach of an account with access to the data, or by installing a third-party app that sends the data outside of your domain.

Data leaks

A data leak is the unauthorized transfer of sensitive data outside of your domain. Data leaks can occur via email, Meet, Drive, groups, or mobile devices. Leaks may occur because of both malicious or non-malicious behavior—for example, from the enabling of public access to groups, from lenient sharing settings for Drive, from compromised mobile devices, or from attachments in outbound email.

Data deletion

Data deletion is the malicious deletion of data that results in the data being very difficult or impossible to recover. For example, an attacker might implement ransomware that encrypts your data, and then demand a payment for the crypto-key that decrypts the data.

Malicious insider

A malicious insider is an approved user or administrator within your organization who maliciously leaks sensitive information outside of your domain. A malicious insider can be an employee, former employee, a contractor, or a partner. Malicious insiders may leak data via compromised mobile devices, or by sending content outside of your domain via email.

Account breaches

An account breach is an unauthorized access to a user or administrator account inside your domain. An account breach occurs because an unauthorized user steals sign-in credentials. In this scenario, an account in your domain is breached in such a way that it can be used by an attacker to interact with resources. One common method for stealing credentials is spear phishing—when hackers fraudulently send an email that appears to be from an individual or business that you know and trust.

Elevation of privilege

An elevation of privilege is referring to an attacker who has managed to compromise one or more accounts in your domain, and is working to leverage those limited privileges to gain access to accounts with greater privileges. This type of hacker is typically attempting access to global administrator privileges to attain greater control of your domain’s resources.

Password cracking

Password cracking is the process of recovering passwords using specialized software and high capacity computing. Attackers can try many different password combinations in a short period of time. One strategy to prevent password cracking is to enforce two-step verification for the users and administrators in your domain. Google also locks out an account when suspicious activity is detected.


Phishing/whaling is the fraudulent practice of sending emails purporting to be from reputable companies to trick individuals into revealing personal information, such as passwords and account numbers, or to acquire control over a user account in your domain. There are three variations of phishing:

  • Phishing attack—Broadly targeted email that works through large volumes of low-cost messages to many users. The message might contain a link to a site inviting users to sign up to win a cash prize, and by signing up, the victim gives up their sign-in credentials. 
  • Spearphishing attack—A targeted attack against a specific individual; for example, inducing an accountant to open an attachment that installs malware. The malware then helps the attacker gain access to accounting and bank data.
  • Whaling attack—An attempt to trick individuals into taking a specific action such as making a money transfer. A whaling scam is designed to masquerade as a critical business email, sent from a legitimate authority.


Spoofing is the forgery of an email header by an attacker so that a message appears to have originated from someone other than the actual source. When one of your users sees the email sender, it may look like someone they know, or appear to be from a domain that they trust. Email spoofing is a tactic used in phishing and spam campaigns, because email users are more likely to open a message when they believe it’s from a legitimate source.


Malware is software that’s designed with malicious intent, such as computer viruses, trojan horses, spyware, and other malicious programs.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu