Cybersecurity engineer discovers bug allowing spammers to evade security checks

Google recently introduced a new safety measure in Gmail: a blue verified checkmark intended to help users differentiate between genuine and phishing emails. However, scammers have managed to exploit a bug in Gmail, deceiving Google's security checks and making their accounts appear legitimate. Chris Plummer, a security architect at Dartmouth Health, discovered this bug, which allows scammers to manipulate Google's authoritative stamp of approval and trick recipients into believing that the email addresses are trustworthy.

Initially, when Plummer reported the bug to Google, the company dismissed it as "intended behaviour," which left him frustrated. He pointed out that scammers were using it to convincingly impersonate well-known entities such as UPS. However, as Plummer's tweet gained attention, Google acknowledged its mistake and admitted that this was not a typical vulnerability related to SPF (Sender Policy Framework).

Consequently, Google reopened the case, marked it as a top priority (P1), and initiated a thorough investigation with the relevant team. Google's Security Team apologized for any confusion caused and assured Plummer that it would provide regular updates on its assessment and progress in resolving the issue. Plummer has confirmed that Google is actively working on fixing the flaw, which has been categorized as a "P1" issue, and that the resolution process is currently underway.

© Copyright 2023. All Rights Reserved Powered by Vygr Media.