The feature, Gmail checkmark system was introduced to assist users distinguish between certified businesses and organizations and legitimate emails from potential scammers. This is made possible through a blue checkmark, included in the function.
However, threat actors were able to take advantage of this feature, raising questions about the general security of Gmail.
Chris Plummer, a cybersecurity expert, found that cybercriminals could deceive Gmail into thinking their bogus businesses were real. This way, they shattered the trust Gmail users were supposed to have in the checkmark system.
“The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust. This message went from a Facebook account to a UK netblock, to O365, to me. Nothing about this is legit,” says Plummer.
Prior to these findings, Google dismissed the claims, calling this to be “intended behavior.” But after the issue gained a significant response following Plummer’s tweet related to the flaw, Google finally acknowledged the error.
Later, Google admitted its mistake and conducted a proper investigation into the matter. The flaw’s security was acknowledged, with Google labeling it as a ‘P1’ fix, which indi
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: