Google introduced a blue verified checkmark for Gmail to combat phishing emails and attackers impersonating businesses. However, it seems like scamsters have got their way around the safety mechanism thereby impersonating verified blue checkmark on phishing emails.
Earlier last month, Google introduced a blue verified checkmark on Gmail for organizations and companies that have been verified. The feature uses signals such as Brand Indicators for Message Identification (BIMI), Verified Mark Certified (VMC), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to put a blue-colored verified checkmark against emails of businesses to signal that it is legit.
With the latest information coming from cybersecurity engineer Chris Plummer, scammers have been able to bypass Google’s verified checkmark feature thereby impersonating businesses such as UPS in the tweet tagged below. For the unversed, the screenshot shows the UPS logo along with a notification stating that “kelerymjrlna.ups.com” is a verified email. There’s a blue-colored verified checkmark on the email as well.
Having a verified check mark against unauthorized emails will make it difficult for users to detect phishing attacks. It can open a whole new avenue for scammers to attack innocent users who might click on emails and links before ending up being phished.
However, when reported, Google tagged the bug as “won’t fix – intended behavior” and closed it lazily without any further resolution. It means if more attackers get to know the bug, they will use it to send phishing emails leading to a catastrophe. It is an irony given the fact that Google’s blue verified checkmark feature was introduced to end phishing emails.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
