March 7, 2026

Scammers are exploiting Gmail’s verification system: Here’s how to safeguard yourself


Last month, Google announced a new feature that shows a verified checkmark next to the sender’s name in Gmail. The feature uses BIMI (Brand Indicators for Message Identification), VMC (Verified Mark Certificate), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to confirm the identity of email senders.

This feature is in the news again because scammers appear to have found a way to bypass Gmail’s blue tick verification system. Chris Plummer, a cybersecurity engineer, recently discovered that some scammers had managed to trick Google’s safeguards so that their messages passed the verification tests and appeared to come from a verified source.

Plummer reported the issue with Google’s verification system, but the company dismissed his report, saying that this was somehow “intended behaviour.” Surprised by Google’s response, he went on Twitter to express his anger, causing an uproar among users and experts.

He said via Twitter, “There is most certainly a bug in Gmail being exploited by scammers to pull this off, so I submitted a bug which @google lazily closed as “won’t fix – intended behavior”. How is a scammer impersonating @UPS in such a convincing way “intended”.”

There is most certainly a bug in Gmail being exploited by scammers to pull this off, so I submitted a bug which @google lazily closed as “won’t fix – intended behavior”. How is a scammer impersonating @UPS in such a convincing way “intended”. pic.twitter.com/soMq7KraHm

— plum (@chrisplummer) June 1, 2023

The collective reaction made Google reconsider its first response and forced it to address the vulnerability and fix it swiftly.

Google responded to Plummer by saying, “After taking a closer look we realized that this indeed doesn’t seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on. We apologize again for the confusion and we understand our initial response might have been frustrating, thank you so much for pressing on for us to take a closer look at this! We’ll keep you posted with our assessment and the direction that this issue takes.”

when the going gets tough,
the tough get a tweet with 100,000+ views
thank you all. pic.twitter.com/tYiOD1zvpQ

— plum (@chrisplummer) June 1, 2023

How to safeguard yourself

Here are some ways to safeguard yourself from email scams:

Be careful of any messages that urge you to take immediate action, such as updating your payment details, verifying your account information, or requesting a refund. These messages are often meant to create a sense of fear and pressure you into clicking on a link or opening an attachment without verifying its authenticity.
Examine the sender’s email address closely for any signs of faking, such as typos, extra symbols, or strange domains.
Never click on any links or attachments that you did not expect, even if they seem to come from someone you know or trust. Instead, go straight to the official website of the company or organization by typing the URL yourself or using a bookmark.
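
For readers comfortable with raw message headers ("Show original" in Gmail), the sender check above can go one step further than the visible address. The following is an added example, not code from Google or from the original post: it reads the Authentication-Results header and reports whether DMARC passed and which mechanism (SPF or DKIM) actually matched the From domain. The sample message, all domains in it, and the two-label org_domain shortcut are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain here is a placeholder.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@mailer.example.org header.s=s1;
 spf=pass smtp.mailfrom=bounce@brand.example.com;
 dmarc=pass (p=REJECT) header.from=brand.example.com
From: "Brand Support" <support@brand.example.com>
Subject: Your parcel

body
"""

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Production code should consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def check_auth(raw):
    """Summarise DMARC status and which passing check aligns with From."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only trust an Authentication-Results header added by your own mail server.
    header = " ".join(msg.get("Authentication-Results", "").split())
    dmarc, aligned = "none", set()
    for clause in header.split(";")[1:]:          # [0] is the authserv-id
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
        if not m:
            continue
        method, result = m.groups()
        if method == "dmarc":
            dmarc = result
        elif result == "pass":
            ident = re.search(r"(?:header\.[id]|smtp\.mailfrom)=(\S+)", clause)
            if ident:
                checked = ident.group(1).rpartition("@")[2]
                if org_domain(checked) == org_domain(from_dom):
                    aligned.add(method)
    return {"from_domain": from_dom, "dmarc": dmarc,
            "aligned_by": sorted(aligned)}

if __name__ == "__main__":
    print(check_auth(SAMPLE))
```

In the constructed sample, DKIM passes but for a different domain than the one in From, so DMARC is satisfied by SPF alone; a message with no aligned mechanism, or no dmarc=pass at all, deserves extra suspicion whatever the display name says.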

The post Scammers are exploiting Gmail’s verification system: Here’s how to safeguard yourself appeared first on Techlusive.

 

 
