All 1.8 billion active Gmail users need to read this warning before opening the next letter in their inbox.
No matter where you use Gmail, if you use Google’s email app or website, a tweet from cybersecurity engineer Chris Plummer (via Forbes) should serve as an alert and wake-up call. It all starts with a checkmark system that Google introduced last month. Designed to verify emails supposedly sent by legitimate corporations and organizations, an email in your Gmail inbox with a blue checkmark was supposed to indicate that you can safely open the missive without worrying about getting scammed, spammed, or hacked.Thanks to a bug, scammers can get Gmail to verify their fake email by having a blue checkmark appear
The aforementioned Plummer discovered a way for bad actors to have a blue checkmark « verify » their phished gmail. Plummer submitted a bug report with Google after spotting a scammer sending a verified email impersonating UPS. The email even included the iconic UPS shield icon. Google at first rejected Plummer’s submission saying that it won’t fix the bug since ‘this is intended behavior. As Plummer asks in his tweet, « How is a scammer impersonating @UPS in such a convincing way ‘intended?’ But Google quickly did an about-face and sent Plummer the following, « After taking a closer look we realized that this indeed doesn’t seem like a generic SPF vulnerability.
