Gmail is currently the most popular and most trusted email service in the world. This is undoubtedly due to the features and various security improvements that Google has offered for years. Its ability to catch spam emails instantly and automatically and to protect users against hackers shows that Google is doing an amazing job.
To build on this, on May 4th Google introduced a new blue verification mark (Gmail Blue Tick), a security feature similar to Twitter Blue. This blue indicator is supposed to appear next to emails that genuinely come from the companies named as the sender, but recent allegations suggest that fraudsters have started to exploit it too.
Don’t trust Gmail’s blue tick
Gmail Blue Tick was expected to distinguish the genuine email accounts of companies, but it turned out that the feature has a vulnerability and is being used for malicious purposes. Researcher Chris Plummer demonstrated that hackers could misuse it. Fake emails containing a company’s official logo and the Gmail verification mark could land in your inbox:
This email appears to come from UPS, but that is not the case. You can tell that it is fake from the domain part of the sender’s address. If you receive fake emails like this from UPS or any other shipping company, they may ask for information such as your address. You should definitely not provide it.
Hackers can try to steal your address, date of birth and other private information with these emails, and the new method for this is sending an email on behalf of a company, as you see above.
Google made the following statement on the subject:
After closely looking, we noticed that this is not a general SPF security flaw. Therefore, we are dealing more closely with this issue and the appropriate team is looking at what’s going on.
It is unknown when Google will fix this problem. Until then, you should not trust the blue verification marks appearing in Gmail. Always check whether the sender’s address looks suspicious. Don’t give your personal information to anyone over Gmail, and if you are unsure about an account, call the company’s customer service to check.