An alleged glitch in the display system of the blue verified badge in Gmail, Practicing fraud with users of Google’s email service. That’s what alerted cybersecurity engineer Chris Plummer, who shared his discovery on Twitter last Wednesday (31) with his followers.
According to the expert, someone impersonating the shipping and delivery company UPS sent him an email asking for information about a package. But all it took to confirm that something was wrong was to take a closer look at the sender of the message.
In his published edition (see the tweet below), it is possible to notice the blue seal, as well as the symbol of the logistics company, which, in theory, will indicate the authenticity of the sender. Despite, message was sent from a “Facebook account”, not an official UPS emailAs noted by Plummer.
There is definitely a bug with Gmail exploited by scammers, so I submitted a bug. @Google lazily closed as “won’t fix – intended behavior”. How to impersonate a scammer? @POWER SOURCE so convincingly “intended”. pic.twitter.com/soMq7KraHm
– plum (@chrisplummer) 1 June 2023
Interestingly, the “blue Gmail seal” was created precisely to reduce scams and fraud on the platform. The search giant uses systems such as Brand Indicators for Message Identification (BIMI), Verified Mark Certification (VMC), and Domain-Based Message Authentication, Reporting and Compliance (DMARC) to make the verified account symbol available.
Google is investigating the vulnerability
shortly after identifying Error in Gmail account verification system, the engineer warned Google. At first, the tech giant didn’t acknowledge the vulnerability, claiming that the engine exhibited “intended behavior.”
With the reaction, the Mountain View company took a step back and said: investigating an alleged flaw in the account certificate method, after a “close look” at the given details. However, the company did not disclose information about the possible source of the error or set a deadline to release a fix, causing users to double their attention to avoid falling for phishing scams.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
