« previous next »
Pages: [1]

Author Topic: New Security Warning Issued For Google's 1.8 Billion Gmail Users  (Read 45 times)

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35250
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
New Security Warning Issued For Google's 1.8 Billion Gmail Users
« on: June 04, 2023, 10:10:19 PM »

Google has confirmed erroneous security messages have been sent to Gmail usersSOPA
IMAGES/LIGHTROCKET VIA GETTY IMAGES

The security of Gmail has always been one of its biggest selling points, but now one of its most important new security features is actively being used by hackers to scam users.


Gmail's new blue checkmark sender verification system — as it should work GOOGLE

Introduced last month, the Gmail checkmark system highlights verified companies and organizations to users with a blue checkmark. The idea is to help users discern which emails are legitimate and which may have been sent by impersonators running scams. Unfortunately, scammers have tricked the system.


Scammers Hacking Gmail's new sender verification system CHRIS PLUMMER

Spotted by cybersecurity engineer Chris Plummer, scammers have found a way to convince Gmail that their fake brands are legitimate. Thereby using the confidence the checkmark system is supposed to instill against Gmail users.

Quote
“The sender found a way to dupe @gmail ’s authoritative stamp of approval, which end users are going to trust,” explains Plummer. “This message went from a Facebook account to a UK netblock, to O365, to me. Nothing about this is legit.”

Plummer reports that Google initially dismissed his discovery as “intended behavior” before his tweets about it went viral, and the company acknowledged the error. In a statement to Plummer, Google wrote:

Quote
“After taking a closer look we realized that this indeed doesn't seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on.

Quote
We apologize again for the confusion and we understand our initial response might have been frustrating, thank you so much for pressing on for us to take a closer look at this!
We'll keep you posted with our assessment and the direction that this issue takes.
Regards, Google Security Team”

Plummer highlights that Google has now listed the flaw as a ‘P1’ (top priority) fix, which is currently “in progress.”

Immense credit goes to Plummer, not just for his discovery, but for the lengths he went to to make Google acknowledge the problem. That said, until Google has a fix, the Gmail checkmark verification system remains broken and is being used by hackers and spammers to trick you with the exact thing it was meant to combat. Stay vigilant.

source
Logged

Pages: [1]
« previous next »