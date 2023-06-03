



Google confirms wrong security message sent to Gmail users

Gmail’s security has always been one of its biggest selling points, but now one of its most important new security features is being actively used by hackers to scam users.

Gmail’s New Blue Checkmark Sender Verification System Should Work

Google

The Gmail checkmark system, introduced last month, shows users a blue checkmark next to the names of verified companies and organizations. Its purpose is to help users tell legitimate emails apart from emails sent by impersonators attempting fraud. Unfortunately, scammers have tricked the system.

Scammers Hack Gmail’s New Sender Verification System

Chris Plummer

Cybersecurity engineer Chris Plummer spotted that scammers have found a way to trick Gmail into treating a fake brand as genuine, abusing the very trust the checkmark system is supposed to give Gmail users.

Plummer explained that the sender found a way to trick @gmail’s authoritative stamp of approval, which end users trust. This message reached UK netblocks, O365 and me from her Facebook account. Nothing about this is legal.

Plummer reported that Google initially dismissed his report, saying the behaviour was intentional, before his tweet about it went viral and the company admitted its mistake. In a statement to Plummer, Google wrote:

Upon closer inspection, we found that this does not appear to be a common SPF vulnerability. Therefore, we are reopening this and have the appropriate teams looking into what is going on. Once again, we apologize for the confusion. We also understand that our initial response may have caused you some inconvenience. Thank you for your detailed investigation. We will keep you updated on our assessment and the direction of this issue.

Best Regards, Google Security Team

Plummer emphasized that Google has listed the flaw as a P1 (highest priority) fix and is currently working on it.

Plummer deserves credit not only for his discovery, but also for his persistence in getting Google to acknowledge the problem. However, until Google fixes it, Gmail’s checkmark verification system remains broken and is being used by hackers and spammers to trick users, the very thing it was meant to prevent. Be vigilant.

