Gmail Security Compromised: Verified Checkmark System Under Attack
Gmail’s newly introduced security measure, the verified checkmark system for emails, has already been exploited by scammers to deceive users. The system was launched with the intent of identifying verified companies and organisations with a blue checkmark, providing a seal of authenticity to help users distinguish legitimate emails from potential scams. However, the system which was designed to safeguard users, is now ironically being used as a tool against them.
Chris Plummer, a cyber security engineer, was the first to spot this exploitation. In an alarming discovery, Plummer noticed that scammers had managed to trick the system into accepting their fake brands as legitimate, effectively turning the trust-inducing checkmark into a weapon against unsuspecting Gmail users. “The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust,” Plummer explained. This unwarranted approval led to an email routed from a Facebook account, through a UK netblock, to an Office 365 account, and then to him, passing as a verified email when it was anything but.
Plummer immediately reported this glaring security flaw to Google and this report was initially dismissed as “intended behaviour”. However, his subsequent tweets highlighting the issue quickly went viral, forcing Google to acknowledge the error. In a statement to Plummer, Google admitted, “After taking a closer look we realised that this indeed doesn’t seem like a generic SPF (Sender Policy Framework) vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on.” Google expressed regret for the initial confusion and appreciated Plummer’s persistence in raising the issue. The company has now listed the flaw as a ‘P1’ or Top Priority fix, which is currently in progress.
While Google works on a fix, Gmail users are advised to exercise caution. The Gmail checkmark verification system, in its current state, remains compromised, and hackers and spammers are able to use it to trick users into believing fraudulent emails are genuine. 1.8 Billion Gmail users can thank Plummer, not just for his discovery, but also for his relentless efforts to make Google acknowledge the problem. Despite the verification system’s current vulnerability, Gmail’s security remains a top priority, and users are urged to stay vigilant in these uncertain times.
At One2Call can protect your emails with Active Email Threat Protection, this service can monitor for the legitimacy of email sources, monitor the links within email to confirm their legitimacy and also look for unusual or suspicious behaviour/sentiment within emails that could potentially be harmful to your business. If you would like to find out more about Active Email Threat Protection, click the link below, or download our Free Cyber Security Self Assessment form where we can work with your business to ensure that you have the best Cyber Security policies and practices in place to protect your business against evolving cyber threats.
Latest News Stories
Cyber Threats to Mac Computers on the Rise
For Mac users, a new cyber security threat is on the horizon. A tool called 'Geacon', used by hackers to gain unauthorised access to computers, is becoming more popular. This tool is a version of 'Cobalt Strike', another tool hackers have used for a long time to...
Tackling the $8 Trillion Cyber Crime Crisis
As the Cyber Threat landscape grows increasingly complex and fast-paced, experts predict that the total cost of Cyber Crime will surpass $8 trillion by the end of 2023. This staggering figure includes money stolen by cyber criminals, investments in security tools and...
Cancer Clinic’s Chilling Ultimatum: Pay Ransom or Face Patient Harassment
Crown Princess Mary Cancer Centre, a prominent Sydney-based cancer clinic, has recently been targeted by a notorious ransomware group, Medusa. The is among many Cyber Attacks targeting Australian businesses in recent months. The cyber criminals issued an ultimatum...
Our Customers
Testimonials
Christina, Wildes Education
Adam was really polite and respectful of the fact that I don’t know a lot about computers and software.
Pat Nash, Invma
Responsive support, friendly service, knowledgeable/competent engineers.
Cliff College
It’s clear that Jordon prioritized our needs as a College. He took on a task that wasn’t easy and sorted it quickly.