New security warning for Google's 1.8 billion Gmail users

Phan Van Hoa June 6, 2023 19:00

(Baonghean.vn) - Senior cybersecurity engineer Chris Plummer (USA) has recently warned of a new Gmail vulnerability that lets attackers impersonate reputable organizations in order to deceive users.


Gmail's security has long been seen as one of its biggest selling points, but one of its most important new security features is now being actively abused by scammers.

Introduced last month, Gmail's blue checkmark system is meant to help users distinguish legitimate senders from phishing impostors. Scammers, however, have found a loophole that lets them attach a blue checkmark to fraudulent emails.

Specifically, an email arriving in your Gmail inbox with a blue checkmark is presented as coming from a verified sender, so users are inclined to open it without worrying that it is a scam, spam, or sent from a compromised account. The checkmark only vouches for the sender's identity, not for the content of the message, and the system has loopholes: scammers have managed to get Gmail to display the checkmark on their fraudulent messages.

Chris Plummer filed a bug report with Google after discovering a scammer sending blue-checkmarked emails that impersonated the US logistics company UPS.

Google initially rejected Plummer's report, saying it would not fix the bug because it considered the behavior intended. Plummer then took the issue to social media, asking: "How did a UPS scammer fool our vetting system so convincingly?"

Google quickly changed its mind, however, and emailed Plummer the following: "After further review, we realized that this is not a typical security vulnerability, so we have sent an investigation team to take a closer look at what is going on. We apologize again for the confusion, and thank you very much for bringing this issue to our attention. We will keep you updated on our review and on how we are working on this. Sincerely, Google Security Team."

Google has now classified the issue as P1, its top-priority fix level. Until it is fixed, users should treat unfamiliar emails with suspicion even when they carry a blue checkmark: do not click untrusted links, and do not hand over personal information, bank account numbers, or passwords.


If an apparently important email with a blue checkmark arrives in your Gmail inbox, be extra cautious and contact the company directly, using a phone number from its official website or your own records, not one listed in the email.

Google is currently working to eliminate the vulnerability, and hopefully it has not tricked anyone yet. Given that Gmail has more than 1.8 billion active accounts this year, however, it is likely that at least a small number of users will lose money to this scam.

Attackers can also use this vulnerability to empty your bank account.

Suppose you receive an email from a blue-checkmarked account saying that a package is on its way to you and that the sender needs some information to verify your identity. Reassured by the checkmark, you hand over the personal details they claim to need for delivery: your date of birth, social security number, bank account and/or credit card information. It is easy to imagine what a criminal can do with all of that.

Most legitimate companies will not ask you to follow a link in a text message or email, and will not ask for your personal information by email. Even after Google closes this hole, you should not give out personal information in response to such a request in any form: a scammer can steal the data, take over your accounts and cover their tracks within seconds, and your bank account can be emptied just as quickly.

Users should therefore remain cautious and vigilant toward every email, with or without a blue checkmark.

Phan Van Hoa