Gmail is a free email service provided by Google. It was launched in 2004 and had 1.5 billion active users in 2019, which makes it the largest email service in the world. It can be accessed through a web browser or the official mobile application.
To protect the privacy of its users, Google uses world-class security and monitors suspicious logins and unauthorized activity. You can control the privacy settings at any time in your Google Account.
Recently, however, a bug has been identified that puts the security of your Google Account at risk, so you need to be extremely careful when you receive new emails. If you’re in doubt about any mail, verify it, and if you cannot verify it, do not open it if possible.
Last month, Google introduced verified check marks for its Gmail users, which confirm select senders’ identities by displaying a blue tick next to their names.
This function works as an additional security feature: senders need to use robust authentication, and also authenticate their brand logos, to have those logos displayed as an ‘avatar’ in emails.
Moreover, this checkmark helps email security systems distinguish impersonating or attacking mail from genuine mail.
In spite of these strong security measures, scammers have managed to bypass this Gmail security check and found a way to convince Google’s systems that the brand they are using is real.
Chris Plummer, Dartmouth Health’s security architect, found this bug in Gmail. The security researcher tweeted about it and said, “The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust. This message went from a Facebook account to a UK netblock, to O365, to me. Nothing about this is legit. Google doesn’t want to deal with this report honestly.”
He also mentioned that when he first reported this issue, Google disregarded it as ‘intended behaviour’. However, after his tweets gained notable attention, Google acknowledged the error.
After this, Plummer shared a screenshot of the response from Google’s security team, which said, ‘After taking a closer look we realized that this indeed doesn’t seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on.’ They also apologized for not responding appropriately earlier on this issue. They are now classifying the flaw as ‘p1’, considering it to be a highest-priority fix, and working on fixing it.
Thus, you need to be more careful with the emails you receive, since scammers may be sending them from fake accounts. The scammers might ultimately trick you into doing what they want.