Cybercriminals are exploiting a bug in Gmail, Google's e-mail service, to obtain the blue verification badge and impersonate real companies, defrauding users by taking advantage of the trust the badge conveys.

Google introduced these blue badges in May. The badge indicates that the sender brand shown on an email in Gmail is legitimate and not an impersonation used to spread spam or defraud users.

To determine which senders are legitimate, Gmail relies on Brand Indicators for Message Identification (BIMI). With this technology, Gmail not only verifies an organization's identity, but also requires strong email authentication before it displays the brand logo as the sender's avatar, the company explains.
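As an added illustration (not code from the article or from Google), the following checks whether a domain's DMARC and BIMI DNS records would meet the authentication prerequisites BIMI places on logo display; the policy rules encoded come from the BIMI specification and Gmail's published requirements, and the TXT records are constructed samples, with no DNS lookups performed. Note what the check does and does not prove: a passing domain has authenticated its mail, which is not the same as the visible sender being who the recipient assumes.

```python
# Evaluate constructed DMARC and BIMI TXT records against the BIMI
# prerequisites for logo display. Rules encoded here are assumptions
# drawn from the BIMI spec and Gmail's requirements, not from the article.

def parse_tag_value(record: str) -> dict:
    """Parse 'k=v; k2=v2' DNS TXT syntax into a dict with lower-cased keys."""
    out = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out


def bimi_eligible(dmarc_txt: str, bimi_txt: str) -> tuple[bool, list[str]]:
    """Return (eligible, reasons). Eligibility requires an enforcing DMARC
    policy (quarantine or reject) applied to 100% of mail, a subdomain
    policy that is not 'none', a BIMI record with a logo URL, and (Gmail's
    extra requirement) a Verified Mark Certificate referenced by 'a='."""
    reasons = []
    dmarc = parse_tag_value(dmarc_txt)
    bimi = parse_tag_value(bimi_txt)
    if dmarc.get("v") != "DMARC1":
        reasons.append("no valid DMARC record")
    if dmarc.get("p") not in ("quarantine", "reject"):
        reasons.append("DMARC policy must be quarantine or reject")
    if dmarc.get("pct", "100") != "100":  # pct defaults to 100 when absent
        reasons.append("DMARC pct must be 100")
    if dmarc.get("sp", dmarc.get("p", "")) == "none":  # sp inherits p
        reasons.append("DMARC subdomain policy must not be none")
    if bimi.get("v") != "BIMI1":
        reasons.append("no valid BIMI record")
    if not bimi.get("l"):
        reasons.append("BIMI record has no logo (l=) URL")
    if not bimi.get("a"):
        reasons.append("no Verified Mark Certificate (a=) for Gmail display")
    return (not reasons, reasons)


# Constructed sample records for a brand that meets every requirement
# and one that publishes BIMI without enforcing DMARC.
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@brand.example"
GOOD_BIMI = "v=BIMI1; l=https://brand.example/logo.svg; a=https://brand.example/vmc.pem"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
WEAK_BIMI = "v=BIMI1; l=https://brand.example/logo.svg"

if __name__ == "__main__":
    for name, d, b in (("good", GOOD_DMARC, GOOD_BIMI), ("weak", WEAK_DMARC, WEAK_BIMI)):
        ok, why = bimi_eligible(d, b)
        print(name, "eligible" if ok else "not eligible", why)
```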

However, some malicious actors are taking advantage of a bug in this verification feature and have managed to use the blue badge to impersonate real organizations, tricking users in order to defraud them or obtain their personal information.

Cybersecurity expert Chris Plummer pointed this out in a post on Twitter, sharing a personal case of the Gmail failure. As shown in the post, it is a fake email from the parcel delivery company UPS, carrying both the blue check mark and the UPS logo avatar.

However, the sender can be recognized as fake because the email address is suspicious and has no relation to the shipping company. "The sender found a way to cheat Gmail's authorized seal of approval", the specialist explains.

After identifying the bug, Plummer escalated the issue to Google, which did not recognize it as a bug at first and in fact labeled it "intended behaviour".

Some time later, however, Google acknowledged the problem, stating that it "does not appear to be a generic SPF vulnerability" and that they would continue to "look closer at what is happening". The tech giant apologized for "the confusion" and thanked him for the effort put into identifying the vulnerability.

While Google works on a fix, it is a good idea to check the sender's address and confirm that it belongs to the legitimate organization.