
Users of Gmail Tricked by Scammers Using False Blue Checkmarks

By Esme Greene

Jul 7, 2023

A new kind of fraud that abuses the Gmail service has surfaced online. Attackers impersonate legitimate businesses and organizations using Google’s recently introduced verification mechanism.

Google started using blue checkmarks in early May to confirm the legitimacy of email senders. When an organization or company applies to the program and is accepted, Gmail will show a blue checkmark next to the company’s logo. This was meant to assist people in safeguarding against phishing. But occasionally, this system is turned against them.

Chris Plummer, a cybersecurity expert, shared a screenshot of a bogus UPS email on Twitter. The con artist managed to get past Google’s security measures.

Bug or Opening for Attack?

The bogus email could easily be identified. Plummer showed that the header contained an email address made up of arbitrary letters and digits, with a UPS URL at the end. However, when you mouse over the checkmark, a popup states that the message comes from a reliable source.

How the attacker evaded the security measures remains unknown. According to Plummer, fraudsters are taking advantage of a weakness in Gmail to deceive the service. The attackers then pass through a number of domains before reaching their target.

He says that when he first brought the problem to Google’s attention, the company dismissed it, stating that the system was working as intended. However, in the days that followed Plummer’s discovery, the IT giant changed its mind and declared that it was working on a patch.

How to Avoid Becoming a Victim of Con Artists

Since we don’t know when the fix will be issued, it makes sense to protect ourselves in the meantime. The following quick tips can help you avoid online phishing and safeguard your inbox:

Check the title first. The first indication that something is amiss is an email address with a lot of weird characters, digits, and symbols. Any email asking for your financial information, whether it’s an account update or an unexpected refund offer, should raise red flags. Lastly, you shouldn’t click on links or attachments that are unfamiliar to you.
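The sender-address check described above can be automated for a mail triage queue. The following is an added example, not code from Plummer or Google: the brand allow-list, the thresholds and both sample headers are constructed for illustration, and the heuristic only inspects the visible From header, so it complements rather than replaces SPF, DKIM and DMARC results.

```python
import math
import re
from collections import Counter
from email.utils import parseaddr

# Assumption: constructed allow-list of domains each brand really sends from.
BRAND_DOMAINS = {"ups": {"ups.com"}}

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_random(label):
    """Long label mixing letters and digits with high character entropy."""
    return bool(len(label) >= 10
                and re.search(r"[a-z]", label)
                and re.search(r"\d", label)
                and entropy(label) >= 3.0)

def check_sender(from_header):
    """Return a list of findings for one From header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    labels = domain.split(".")
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Brand appears as a word in the display name or as a domain label.
        named = (re.search(rf"\b{brand}\b", display.lower()) is not None
                 or brand in labels)
        legit = any(domain == d or domain.endswith("." + d) for d in allowed)
        if named and not legit:
            findings.append(f"brand '{brand}' named but sending domain is {domain}")
    # Inspect the local part and every label except the top-level domain.
    for part in [local] + labels[:-1]:
        if looks_random(part):
            findings.append(f"random-looking label '{part}'")
    return findings

# Constructed samples: a look-alike address and a plain brand address.
SPOOFED = '"UPS" <a8f3k2z9q7x1@ups.com.mail-relay.example>'
PLAIN = '"UPS" <tracking@ups.com>'

if __name__ == "__main__":
    for header in (SPOOFED, PLAIN):
        print(header, "->", check_sender(header) or "no findings")
```

A clean result means only that the address is not obviously malformed; as the case above shows, a verified checkmark was displayed on a message whose address would fail this check.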
