The email sender verification system that Google recently launched has become a vulnerability for attackers who learn to forge blue ticks and impersonate well-known brands and organizations. This information was reported by the Russian portal Security Lab.
In early May, checkboxes were added to Gmail to protect users from phishing attacks. To get a blue tick, companies and organizations must go through a special check. Thus, if the letter is from a verified sender, users can be assured that the letter is safe.
However, it turns out that not all letters with blue checkmarks are real. Cybersecurity engineer Chris Plummer discovered and tweeted a sample of a fake email from a UPS delivery service. In this letter, the scammer asks the buyer to follow the link and verify their information to receive the package.
Plummer noticed that the sender’s email address was a random set of characters and did not match the UPS domain. And even hovering over the blue checkmark, Gmail indicated that the letter was from a verified sender.
How the attackers managed to bypass the Google system is still unknown. Plummer believes there is a bug in Gmail that attackers can use to forge blue checkmarks.
Initially, Google did not acknowledge the problem and stated that the system was working flawlessly. However, following the release of Plummer, the company changed its position and stated that it is currently working on a fix for the bug.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
