GOOGLE Gmail users have been warned over a new scam that seeks to take advantage of Google’s new verification system.
Scam emails impersonating businesses that are virtually indistinguishable from legitimate ones are landing in people’s inbox thanks to a new bug.
2
2
The tech giant introduced a blue verification checkmark at the beginning on May, in a bid to combat internet scams.
It means companies and organisations – that were otherwise easy to impersonate – apply to the programme to verify their identity.
After Google approved the application, emails from these organisations could then be accompanied with a verification sticker next to their brand logo.
But it wasn’t long before scammers noticed that the well intended new feature could be hijacked for more nefarious purposes.
Cybersecurity engineer Chris Plummer posted on Twitter an image of a spoofed email claiming to officially be from UPS.
The scammer somehow got past Google’s own safeguards, because when Plummer hovered over the badge a window appeared saying the message was coming from a legitimate source – when it wasn’t.
“There is most certainly a bug in Gmail being exploited by scammers to pull this off,” Plummer wrote on Twitter.
“The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust.
Most read in Tech
“This message went from a Facebook account, to a UK netblock, to O365, to me. Nothing about this is legit.”
The engineer submitted a bug report to Google’s security team which initially closed the case before reopening it after having a “closer look” at the issue, according to a snapshot of an email Plummer posted on on the social media platform.
Most users will immediately trust the “little blue seal”, according to the engineer, who feared it might undo the work to encourage email users to vigilantly check sender addresses to make sure what they’re reading in their inbox is legitimate.
The tech giant is currently working on a fix for the cyber flaw, but follow these steps to make sure you’re protected in the meantime:
- Double check the header – random letters, numbers, symbols or spelling mistakes in an email is your first tell tale sign that something is awry
- Make sure letters are what they seem – scammers often replace certain characters with lookalikes, for example, replacing the letter ‘O’ with the number ‘0’.
- Don’t click any attachments or link you don’t recognise.
- Be wary of emails urging you to share your financial information.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
