All 1.8 billion active Gmail users need to read this warning to avoid being scammed

It doesn’t matter where you use Gmail, whether in Google’s email app or on the website: a tweet from cybersecurity engineer Chris Plummer (via Forbes) should serve as a wake-up call. It all starts with a checkmark system that Google introduced last month. It was designed to verify emails sent by legitimate companies and organizations, so an email in your Gmail inbox with a blue checkmark was supposed to indicate that you could safely open the message without worrying about being scammed, spammed or hacked.

Thanks to a bug, scammers can get Gmail to verify their fake email by displaying a blue checkmark

Plummer discovered a way for bad actors to get a blue checkmark that “verifies” their phishing emails. He filed a bug report with Google after spotting a scammer sending verified email impersonating UPS. The email also included the iconic UPS shield icon. Google initially rejected Plummer’s submission, saying it won’t fix the bug because “this is expected behavior.” As Plummer asks in his tweet, “How does a scammer impersonate @UPS so convincingly ‘get it?’”

But Google quickly backtracked and sent Plummer the following: “After taking a closer look, we realized that this doesn’t really look like a generic SPF vulnerability. So we’re reopening this issue and the appropriate team is looking into it to take a closer look at what’s going on. We apologize again for the confusion and understand our initial response may have been frustrating, thank you so much for insisting we take a closer look at us! We’ll keep you updated with our assessment and direction as we take this issue. Regards, Google Security Team.”

Google has now made this flaw a P1, which means it’s a priority fix. But until it is fixed, Gmail users should be on the lookout for verified emails that aren’t from the company they claim to be from. As always, do not click on any links and certainly do not provide information such as social security numbers, credit card numbers, expiration dates and security codes.

If you get what looks like an important email in your Gmail inbox and it’s marked with a blue checkmark, call the company using a phone number you obtained from Google. Don’t call a phone number that is written in the email. Since this is now a high-priority fix for Google, hopefully the bug will be squashed before anyone gets ripped off. Still, there’s a good chance that at least some users will lose some money to this scam, since there are over 1.8 billion active Gmail users this year.

Here’s how a bad actor can use this bug to clean out your bank account

Let’s take a look at how this could hurt you. Suppose you receive an email that appears to be from UPS, carries a blue check and says you are about to receive a package. The email may say that UPS needs certain information to verify your identity. With the verification check in mind, you agree to respond with some personal information that “UPS” claims it needs to deliver your package. Then you send them your date of birth, social security number and your bank account and/or credit card information. You can imagine what someone with malicious intent could do with all that information.

Most companies these days won’t send you messages or emails with links. Most will not ask for any of the above information. And even when Google exterminates this bug, a blue check doesn’t give you carte blanche to spew personal information that can cost you your hard-earned cash. And the speed with which a scammer can take your personal information and charge your credit cards, clean out your bank account, hijack your wireless account and lock you out is incredible.

The best thing to do is to maintain a very cautious attitude and stay wary, blue tick or no blue tick!

