Gmail Alert! This bug allowed scammers to bypass security check; Google reacts

If you are a Gmail user, then you need to be extremely careful. A Gmail bug has just put your account security at risk. So, pay attention and be extremely careful when you receive new emails. In case of doubt, verify and if that is not possible, do not open it. Last month, Google rolled out verified checkmarks to Gmail users to confirm the identity of select senders by displaying the blue tick next to their names. It functions as an additional security measure, and senders are required to use the robust authentication as well as authenticate their brand logos to have them displayed as an “avatar” in emails. Additionally, this checkmark assists email security systems in distinguishing between spoofed or phishing emails and genuine ones. However, scammers successfully bypassed this Gmail security check and found a way to convince the Google system that their brand is real!

Security Architect at Dartmouth Health, Chris Plummer, found this bug in Gmail. “The sender found a way to dupe Gmail’s authoritative stamp of approval, which end users are going to trust. This message went from a Facebook account to a UK netblock, to O365, to me. Nothing about this is legit. Google just doesn’t want to deal with this report honestly,” the security researcher tweeted.

Plummer revealed that when he first discovered the issue, Google disregarded it as “intended behaviour.” However, after his tweets gained significant attention, the company recognized its mistake and acknowledged the error. A screenshot of Google Security Team’s response shared by Plummer reads, “After taking a closer look we realized that this indeed doesn’t seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on.”

Has the Gmail Bug been fixed?

According to Plummer, Google has now classified the flaw as a ‘P1’ which is considered to be the highest priority fix, and it is currently being worked on as an ongoing process.

Therefore, there is a need to be extra careful when you receive emails from scammers posting from fake accounts. Just know that these may not be from legitimate Gmail accounts due to this bug and the intention of the scammers is to trick you into doing what they want.