A tweet from cybersecurity engineer Chris Plummer (via Forbes) should serve as an alert and a wake-up call for every Gmail user, regardless of where you use Gmail or whether you use Google’s email app or website. The checkmark system, which Google unveiled last month, is where it all begins. A blue checkmark on an email in your Gmail inbox was supposed to mean that you could safely open the message without worrying about being scammed, spammed, or hacked. The feature was created to validate that emails claiming to come from reputable businesses and organizations really were sent by them.
Investigations and Verifications
Plummer found that scammers had a way to “verify” their phishing messages in Gmail so that a blue checkmark appeared next to them. After spotting a scammer sending a verified email pretending to be from UPS, Plummer filed a bug report with Google. The email even included the recognizable UPS shield emblem. Google at first rejected Plummer’s report, saying it wouldn’t fix the issue because “this is intended behavior.” As Plummer asks in his tweet, how is a scammer imitating @UPS in such a convincing way “intended”?
Google, however, swiftly changed its mind and wrote to Plummer, “After taking a deeper look we realized that this indeed doesn’t appear like a generic SPF issue. As a result, we are revisiting this and the relevant team is investigating what is happening. We apologize once more for the uncertainty and acknowledge that our original response may have been upsetting; we appreciate you insisting that we look into this further. We’ll keep you updated on our analysis and the course that this problem takes. Regards, The Google Security Team.”
A Top Priority
Google has officially designated this problem as a P1, making a fix for it a top priority. Until it is fixed, Gmail users should be on the alert for verified emails that are not from the organization they claim to be from. As always, refrain from clicking any links and, especially, avoid disclosing any personal data such as social security numbers, credit card numbers, expiration dates, and security codes.