Scammers are now sending phishing mails with Gmail’s verified blue tick

Highlights
  • Google has rolled out the Twitter-like blue verified checkmark for Gmail recently.
  • A cybersecurity expert observed that scammers had discovered a method to bypass Google’s security measures.
  • The cybersecurity expert has also reported this situation to Google.

Tech giant Google recently introduced the blue verified checkmark for Gmail. Its purpose is to serve as a prominent identifier of a legitimate sender, offering users an additional level of safeguard against email scams. But it appears that Google’s attempt to prevent scams may have had unintended consequences, as scammers have already found a way to bypass these measures. Here is what is known so far.


How are scammers exploiting Gmail’s blue verified checkmark?

Companies and organizations can verify their identity on Gmail using a combination of systems: Brand Indicators for Message Identification (BIMI), Domain-based Message Authentication, Reporting, and Conformance (DMARC) and a Verified Mark Certificate (VMC). Together these tie a brand’s logo to a domain whose mail is authenticated and whose DMARC policy is enforced. If a company successfully completes the verification process to confirm its identity, Gmail will show its company logo and a blue checkmark beside its name.
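To make those verification prerequisites concrete, here is an added example (not code from the article or from Google) that parses constructed DMARC and BIMI TXT records and reports whether a domain meets the basic BIMI requirements: a DMARC policy of quarantine or reject applied to all mail, a BIMI record with a logo URL, and an `a=` tag pointing at a VMC. The domain `example.test` and the record contents are assumptions, not real DNS data.

```python
"""Added example: check whether DMARC and BIMI TXT records satisfy the
prerequisites for a BIMI logo. The record strings are constructed samples."""


def parse_tag_value(record: str) -> dict:
    """Split a 'k=v; k2=v2' TXT record into a dict with lower-cased keys."""
    out = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            out[key.strip().lower()] = value.strip()
    return out


def dmarc_is_enforcing(dmarc_txt: str) -> bool:
    """BIMI needs p=quarantine or p=reject (and the same for subdomains) at pct=100."""
    tags = parse_tag_value(dmarc_txt)
    if tags.get("v", "").upper() != "DMARC1":
        return False
    policy = tags.get("p", "none").lower()
    sub_policy = tags.get("sp", policy).lower()   # sp= defaults to p=
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return False
    strict = ("quarantine", "reject")
    return policy in strict and sub_policy in strict and pct == 100


def bimi_status(dmarc_txt: str, bimi_txt: str) -> dict:
    """Summarise what a receiving mail server can conclude from both records."""
    bimi = parse_tag_value(bimi_txt)
    return {
        "dmarc_enforcing": dmarc_is_enforcing(dmarc_txt),
        # A BIMI record needs v=BIMI1 and a logo location (l=) to be usable.
        "bimi_record_valid": bimi.get("v", "").upper() == "BIMI1" and bool(bimi.get("l")),
        # a= references the Verified Mark Certificate; without it no blue checkmark.
        "has_vmc": bool(bimi.get("a")),
    }


# Constructed sample records for a hypothetical domain (not real DNS data).
DMARC_OK = "v=DMARC1; p=reject; rua=mailto:dmarc@example.test"
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.test"
BIMI_OK = "v=BIMI1; l=https://example.test/logo.svg; a=https://example.test/vmc.pem"

if __name__ == "__main__":
    print(bimi_status(DMARC_OK, BIMI_OK))
    print(bimi_status(DMARC_WEAK, BIMI_OK))
```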

However, cybersecurity engineer Chris Plummer has observed that scammers have discovered a method to bypass Google’s security measures. This allows them to create messages that appear to come from a legitimate source, making it difficult to detect fraudulent activity.

The cybersecurity expert reported this situation to Google, only to have his bug report closed with the explanation that it was “intended behaviour”. Finding the response unsatisfactory, he expressed his frustration on Twitter. The public’s reaction on social media was negative towards his statement, and the significant response led Google to reconsider its initial dismissal.

It should be noted that Gmail introduced a blue checkmark feature similar to Twitter’s to assist users in identifying emails from verified brands and distinguishing them from spam accounts. This move is expected to aid in the reduction of phishing attempts.