Hackers exploit Gmail Blue checkmark impacting 1.8 billion Google users

Attention all business Gmail account holders, it is crucial to stay informed about the following news story. Security experts have issued a warning regarding the exploitation of the Gmail Blue Check Mark feature by scammers. These individuals are utilizing the mark to create counterfeit email addresses resembling those of well-known brands. Their goal is to deceive users into providing personal credentials and making fraudulent payments.

The Gmail Blue Check Mark, similar to Twitter’s Blue Tick Mark, appears next to the sender’s name and serves as a verification symbol, indicating that the sender is a trusted and verified user. However, these fraudulent email addresses are cleverly designed to mimic reputable brands, exploiting the algorithm implemented for Brand Indication for Message Identification (BIMI).

Upon being alerted to the issue, Google promptly took action by assigning a team of engineers to investigate the matter. The problem lies in the hijacking of Google’s DomainKeys Identified Mail (DKIM) signature, which scammers have exploited to ensnare unsuspecting victims. Google, renowned for prioritizing customer security and privacy, is diligently working towards rectifying this flaw within the next few days.

Now, the question arises: do businesses truly require this checkmark?

The presence of a checkmark enables businesses to establish their digital verification identity, ensuring that readers engage with trustworthy resources. However, earning trust on a digital platform demands significant investment. It can only be accomplished through extensive marketing efforts, continuous improvement of services, and the delivery of satisfactory products that foster customer confidence. Over time, this trust-building process enables businesses to flourish. In the digital world, obtaining a certification or badge holds great significance, especially within the realm of technology.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display