GMail Users Warned Of Vulnerability

Uploaded on 2018-08-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

GMail users have been alerted about a new Google Mail feature which could be leveraged by online crooks to carry out a wave of scams, media reported.

The company, in April, unveiled its brand new design which introduced a clean new user interface and a swathe of new features including the ability to snooze a message, auto-generate smart replies and self-destruct emails in the brand new "Confidential Mode".

"It's the Confidential Mode which is at the centre of security fears," Express.co.uk reported on Saturday 21st July.

The Department of Homeland Security (DHS) reportedly issued an alert on the "potential emerging threat... for nefarious activity" with the Gmail redesign, the report said.

"We have reached out to Google to inform them of intelligence relevant to their services and to partner to improve our mutual interests in cyber security," Lesley Fulop, DHS spokesperson said.

Central to these fears was the new "Confidential Email" feature that can require users to click a link in order to access these messages.

If you're a Gmail user using the official Google Mail website, then the "Confidential Email" appears when you click to open it. It shows a date for when the content will expire and informs the users that the email can't be forwarded or downloaded.

However, its different if you're a Gmail user viewing the message as a third-party client or a non-Gmail user who receives a confidential email.

In those cases, instead of the message appearing in their browser, users have to click a button to view the email. And this is where the security fears lie.
With the Gmail redesign, scammers could send out fake versions of confidential email alerts and trick a user into entering sensitive details.

"The tech giant is committed to protecting the security of users' personal information and hence, had created "machine learning" algorithms to detect potential phishing scams that cyber criminals carry out," said Google spokesman Brooks Hocog.

Phishing scams are where cyber criminals try to trick victims into clicking on seemingly trustworthy links in order to steal sensitive personal information.

EconomicTimes

You Might Also Read: 

Secure Encrypted Email Platform PGP Is Not Secure:

Top Tips To Protect Email Accounts From Hackers:

 

« Cybersecurity In Self-Driving Cars
Hacking Your Holiday: Cyber Criminals Target Tourism »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

Tier One Technology Partners

Tier One Technology Partners

Tier One Technology Partners is an IT managed services provider that focuses on cybersecurity, cloud services, IT consulting, and infrastructure.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

MVP Tech

MVP Tech

MVP Tech designs and deploys next generation infrastructures where Security and Technology converge.

IDX

IDX

IDX is the leading consumer privacy platform built for agility in the digital age.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

Kontex

Kontex

Kontex is a Cyber Security consultancy creating resilient solutions. From Strategy, Advisory and Implementation to Management and everything in between.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

Picnic

Picnic

Picnic is a gritty, pioneering team of intelligence and cybersecurity specialists focused on solving the security challenge of our time - social engineering.

Alpha Omega Integration

Alpha Omega Integration

Alpha Omega creates new possibilities through intelligent end-to-end mission-focused government IT solutions.

SafeBase

SafeBase

Safebase provide the infrastructure for Trust Communication. Our Trust Center enables Security and Sales teams to share and automate access to security, compliance, and privacy information.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.

Veracity Trust Network

Veracity Trust Network

Veracity Trust Network safeguards organisations from the threat of bot attacks on their public facing platforms.