Date: 2023-06-02

Last month, Google announced a new feature that shows a verified checkmark next to the sender’s name in Gmail. The feature uses BIMI (Brand Indicators for Message Identification), VMC (Verified Mark Certificate), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to confirm the identity of email senders.

This feature is in the news again because it seems scammers have found a way to bypass Gmail's blue tick verification system. Chris Plummer, a cybersecurity engineer, recently discovered that some scammers managed to trick Google's safeguards and make their messages look like they came from a verified source to pass the verification tests.

Plummer reported the issue with Google's verification system, but the company dismissed his report, saying that this was somehow "intended behaviour." Surprised by Google's response, he went on Twitter to express his anger, causing an uproar among users and experts.

He said via Twitter, “There is most certainly a bug in Gmail being exploited by scammers to pull this off, so I submitted a bug which @google lazily closed as “won’t fix – intended behavior”. How is a scammer impersonating @UPS in such a convincing way “intended”.”

— plum (@chrisplummer), June 1, 2023

The collective reaction made Google reconsider its initial response and forced it to address the vulnerability and fix it swiftly.

Google responded to Plummer by saying, “After taking a closer look we realized that this indeed doesn’t seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on. We apologize again for the confusion and we understand our initial response might have been frustrating, thank you so much for pressing on for us to take a closer look at this! We’ll keep you posted with our assessment and the direction that this issue takes.”

How to safeguard yourself

