Chris Plummer Discovers Gmail Bug That Allows Scammers to Dupe Google's Verified Checkmark

Scammers have managed to outsmart Google’s security measures, allowing them to dupe Google’s authoritative stamp of approval and make users believe that the email address is genuine. Chris Plummer, a security architect at Dartmouth Health, has discovered a bug in Gmail that is being exploited by scammers to pull this off.
In a Twitter thread, Plummer reported the bug to Google, who initially dismissed it as ‘intended behaviour’. After the tweet went viral, Google acknowledged the error and said they are taking a closer look at what is going on. They have listed the flaw as a ‘P1’ (top priority) fix, which is currently “in progress.”
Google rolled out the blue verified checkmark to Gmail accounts as a safety standard, allowing users to differentiate between genuine and phishing emails. Unfortunately, scammers have managed to bypass this security check. Plummer states that the sender found a way to dupe Google’s authoritative stamp of approval, which end users are going to trust.
The scammer was able to make the email look convincing by using a Facebook account, a UK netblock, and O365. Plummer says that Google needs to take this issue more seriously and address it honestly. He believes that it is important for the tech giant to ensure that users are not being tricked into believing that an email is genuine when it is not.
It is important for tech companies to stay ahead of these scammers and ensure that their security measures are up to date. As Plummer points out, end users should be able to trust the blue verified checkmark as a safety standard.