GMail Users Warned Of Vulnerability

Uploaded on 2018-08-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

GMail users have been alerted about a new Google Mail feature which could be leveraged by online crooks to carry out a wave of scams, media reported.

The company, in April, unveiled its brand new design which introduced a clean new user interface and a swathe of new features including the ability to snooze a message, auto-generate smart replies and self-destruct emails in the brand new "Confidential Mode".

"It's the Confidential Mode which is at the centre of security fears," Express.co.uk reported on Saturday 21st July.

The Department of Homeland Security (DHS) reportedly issued an alert on the "potential emerging threat... for nefarious activity" with the Gmail redesign, the report said.

"We have reached out to Google to inform them of intelligence relevant to their services and to partner to improve our mutual interests in cyber security," Lesley Fulop, DHS spokesperson said.

Central to these fears was the new "Confidential Email" feature that can require users to click a link in order to access these messages.

If you're a Gmail user using the official Google Mail website, then the "Confidential Email" appears when you click to open it. It shows a date for when the content will expire and informs the users that the email can't be forwarded or downloaded.

However, its different if you're a Gmail user viewing the message as a third-party client or a non-Gmail user who receives a confidential email.

In those cases, instead of the message appearing in their browser, users have to click a button to view the email. And this is where the security fears lie.
With the Gmail redesign, scammers could send out fake versions of confidential email alerts and trick a user into entering sensitive details.

"The tech giant is committed to protecting the security of users' personal information and hence, had created "machine learning" algorithms to detect potential phishing scams that cyber criminals carry out," said Google spokesman Brooks Hocog.

Phishing scams are where cyber criminals try to trick victims into clicking on seemingly trustworthy links in order to steal sensitive personal information.

EconomicTimes

You Might Also Read: 

Secure Encrypted Email Platform PGP Is Not Secure:

Top Tips To Protect Email Accounts From Hackers:

 

« Cybersecurity In Self-Driving Cars
Hacking Your Holiday: Cyber Criminals Target Tourism »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Baker McKenzie

Baker McKenzie

Baker & McKenzie is an international law firm. Practice areas include Data & Technology.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) handles security incidents on forskningsnettet, the National Research and Education Network (NREN) in Denmark.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

Guardtime

Guardtime

Guardtime's Black Lantern platform provides real-time cybersecurity and data-centric asset protection.

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

Bowbridge

Bowbridge

Bowbridge provides anti-virus and application security solutions for SAP systems.

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

The mission of the PNP Anti-Cybercrime Group is to implement and enforce pertinent laws on cybercrime and other cyber related crimes and pursue an effective anti-cybercrime campaign.

Cybersecurity Competence Center (C3)

Cybersecurity Competence Center (C3)

The Cybersecurity Competence Center was created to further strengthen the Luxembourg economy in the field of cybersecurity.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

PatrOwl

PatrOwl

Automate your SecOps with PatrOwl, and start defending your assets efficiently.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

appNovi

appNovi

appNovi inventories everything to map the attack surface, identify missing security agents, and prioritize vulnerabilities based on exposure.