Google has been looking into several ways of keeping people secure when they receive email. The company has put several measures in place, including the recently announced Gmail feature Brand Indicators for Message Identification (BIMI), which allows companies to verify their identities and receive a blue checkmark, so that a user who receives an email from a verified company knows it is genuine. However, it looks like some scammers have found a way to exploit this.
This issue was discovered by Chris Plummer, a cybersecurity engineer. Plummer found that scammers could easily deceive Gmail's authentication system. By tinkering with it, scammers could pass themselves off as verified senders and therefore bypass all security checks. Thankfully, the bug was reported to Google, but to everyone's surprise, the search engine giant closed the report, stating that this behavior was intended.
Plummer then took to Twitter, talking about how this bug works and how Google simply chose to overlook it. This is what Plummer had to say:
“There is most certainly a bug in Gmail being exploited by scammers to pull this off, so I submitted a bug which Google lazily closed as ‘won’t fix – intended behaviour’. How is a scammer impersonating UPS in such a convincing way ‘intended’.”
— plum (@chrisplummer) June 1, 2023
Google, on the other hand, has not responded to Plummer's report properly. However,