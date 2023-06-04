

Trust online is getting more and more complicated, and scammers are always finding new tools and techniques to trick people and gain their trust. That’s why companies strive to develop proofs of identity that are easy to understand and quick to verify, like the little blue ticks that appear next to verified senders in your Gmail inbox. However, it seems that at least some malicious actors have found a way to abuse Google’s system.

Gmail offers businesses and organizations the ability to verify their identity through systems such as BIMI (Brand Indicators for Message Identification), VMC (Verified Mark Certificate) and DMARC (Domain-based Message Authentication, Reporting, and Conformance). When a business meets the requirements to prove who they say they are, Gmail displays their logo and a blue tick next to their name.

A new challenge for online security

Recently, cybersecurity engineer Chris Plummer discovered that some scammers had found ways to circumvent Google’s protections and make their messages appear to come from sources official enough to pass integrity checks.

Plummer was alarmed by what he discovered and contacted Google to inform the company of this obviously problematic situation. However, his bug report was closed with a response stating that this was somehow “intentional behaviour”. Faced with this response, Plummer took to Twitter to express his frustration. The reaction on social media was intense enough to make Google reconsider its initial rejection.

A situation that Google must address

Now the ball is in Google’s court, and we’re cautiously optimistic that the problem behind this exploit will be quickly identified and resolved. It’s not a good sign that Plummer had to practically drag Google into taking this issue seriously, but we’re glad the company finally reconsidered its initial stance.

It is essential that Google take steps to strengthen its verification system and protect users from scam attempts. Online trust is crucial to the functioning of communication and commerce in today’s digital world. If fraudsters can take advantage of weaknesses in Gmail’s verification system, it undermines the integrity and security of the platform.

A call to action for Google

We hope Google not only addresses this specific issue, but also continually reviews and improves its verification systems to accommodate the increasingly sophisticated methods used by scammers. It’s important for technology companies to stay one step ahead of cybercriminals and give users the tools and confidence to navigate safely online.

Users should also be vigilant and not blindly trust verification symbols as scammers are always looking for ways to trick systems. Online safety education and promotion of best practices are critical to guarding against scam attempts.