The email sender verification system that Google recently launched has proven vulnerable to attackers who learn to create blue checkmarks and impersonate well-known brands and organizations. In this respect informs Security Lab portal.
Gmail verification checkboxes were rolled out in early May to protect users from phishing attacks. For this, companies and organizations that want to get a blue tick must go through a special verification process. Therefore, if a letter from a verified sender is found, users may not worry about their safety when communicating.
However, it turns out that not all letters from senders with checkmarks can be legitimate. Cybersecurity engineer Chris Plummer discovered and tweeted a sample of a fake email from a UPS delivery service. In it, the scammer asked the buyer to follow a phishing link and verify their details to get the package.
Plummer noticed that the sender’s email address was random and did not match the UPS domain. Also, hovering over the blue checkmark, Gmail indicated that the letter came from a verified source.
How the scammers managed to deceive the Google system is still unknown. Plummer suggests there is a bug in Gmail that attackers can exploit to style blue checkmarks.
Google initially did not acknowledge the problem and stated that the system was working properly. However, after Plummer published his discovery, the company reversed its stance and said it is already working to fix the bug.
Formerly socialbites.ca saidSheikhin, a member of the Federation Council, urged every Russian to check their personal iPhone smartphones for viruses.