All Gmail users warned of alarming new bank-draining con that could easily trick anyone

GOOGLE Gmail users have been warned over a new scam that seeks to take advantage of Google’s new verification system.

Scam emails impersonating businesses that are virtually indistinguishable from legitimate ones are landing in people’s inbox thanks to a new bug.


Cybersecurity engineer Chris Plummer posted on Twitter an image of a spoofed email claiming to officially be from UPSCredit: Twitter / @chrisplummer
An image of a real UPS email, with a legitimate verification badge


An image of a real UPS email, with a legitimate verification badgeCredit: Twitter / @chrisplummer

The tech giant introduced a blue verification checkmark at the beginning on May, in a bid to combat internet scams.

It means companies and organisations – that were otherwise easy to impersonate – apply to the programme to verify their identity.

After Google approved the application, emails from these organisations could then be accompanied with a verification sticker next to their brand logo.

But it wasn’t long before scammers noticed that the well intended new feature could be hijacked for more nefarious purposes.

Cybersecurity engineer Chris Plummer posted on Twitter an image of a spoofed email claiming to officially be from UPS.

The scammer somehow got past Google’s own safeguards, because when Plummer hovered over the badge a window appeared saying the message was coming from a legitimate source – when it wasn’t.

“There is most certainly a bug in Gmail being exploited by scammers to pull this off,” Plummer wrote on Twitter.

“The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust.

“This message went from a Facebook account, to a UK netblock, to O365, to me. Nothing about this is legit.”

The engineer submitted a bug report to Google’s security team which initially closed the case before reopening it after having a “closer look” at the issue, according to a snapshot of an email Plummer posted on on the social media platform.

Most users will immediately trust the “little blue seal”, according to the engineer, who feared it might undo the work to encourage email users to vigilantly check sender addresses to make sure what they’re reading in their inbox is legitimate.

The tech giant is currently working on a fix for the cyber flaw, but follow these steps to make sure you’re protected in the meantime:

  • Double check the header – random letters, numbers, symbols or spelling mistakes in an email is your first tell tale sign that something is awry
  • Make sure letters are what they seem – scammers often replace certain characters with lookalikes, for example, replacing the letter ‘O’ with the number ‘0’.
  • Don’t click any attachments or link you don’t recognise.
  • Be wary of emails urging you to share your financial information.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…

Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]

Read original article here

Denial of responsibility! Bulletin Reporter is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – admin@ . The content will be deleted within 24 hours.

Leave a comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More