A New Gmail Scam: Here’s What You Should Do To Avoid Getting Scammed

There’s a new Gmail scam going viral on the Internet: cybercriminals are taking advantage of Gmail’s recently introduced verification mechanism.

In May 2023, Gmail launched a blue check mark verification system to resist common internet scams like phishing attacks. Companies and organisations can apply to the program to verify their identity, and after the verification is approved, the blue check mark appears next to the company logo in Gmail. However, the verification mechanism that was introduced to prevent phishing is now being used by bad actors themselves. On Twitter, cybersecurity engineer Chris Plummer posted an image of a fake email claiming to be officially from UPS. The fraudster managed to get past Google’s security measures; it is still unknown how the cybercriminal passed the Google checks.

The fake email was not difficult to recognize, though. According to Plummer, the header had an email address with a UPS URL at the end, primarily made up of random letters and digits. However, according to the blue check verification box that appears when you mouse over the checkmark, the email was coming from a reliable source. Plummer later submitted a bug report with the email after observing a fraudster sending a verified email pretending to be UPS. Plummer’s report was initially denied by Google, which claimed that since “this is intended behaviour,” the fault would not be fixed.

Later, Google made an about-face and wrote back to Plummer that it is currently working on the issue. The email reads:

After taking a closer look we realised that this indeed doesn’t seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on. We apologise again for the confusion and we understand our initial response might have been frustrating, thank you so much for pressing on for us to take a closer look at this! We’ll keep you posted with our assessment and the direction that this issue takes. Regards, Google Security Team.

How to Not Get Scammed?

After Plummer reported the bug, Google classified it as P1, which means it is a top-priority fix; however, we don’t know when the patch will roll out. To protect yourself from phishers, TechRadar has complete guides on how to avoid online phishing. We also recommend that you double-check the header of the email: if it includes random letters, symbols, or numbers, then something is fishy. Next, check the spelling in the header. Some cybercriminals replace certain characters with lookalikes to scam people. For instance, the letter “O” will be swapped for the number “0”, and the capital “I” will be changed to a lowercase “l” (that’s an “L”). These swaps can be difficult to spot in Gmail’s default font.

Be wary of any emails that ask for your bank or financial information, and don’t click on any attachments that you don’t recognize.
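The header checks recommended above can be automated. The following Python sketch is an added example, not code from the article or from Google; it flags lookalike-character domains, brand names used with an untrusted domain, and random-looking strings in a sender address. The allow-list, thresholds and sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# "0" for "O" and "l" for "I" are the swaps the article names; "1" is an assumed extra.
SKELETON = str.maketrans({"0": "o", "l": "i", "1": "i"})

def skeleton(name):
    """Fold lookalike characters together so visually similar names compare equal."""
    return name.lower().translate(SKELETON)

def looks_random(token):
    """Heuristic (assumed thresholds): 8+ characters, 2+ digits, under 30% vowels."""
    letters = [c for c in token if c.isalpha()]
    digits = sum(c.isdigit() for c in token)
    vowels = sum(c in "aeiou" for c in letters)
    return len(token) >= 8 and digits >= 2 and bool(letters) and vowels / len(letters) < 0.3

def check_sender(from_header, trusted_domains):
    """Return a list of warnings for one From header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ["address could not be parsed"]
    warnings = []
    trusted = any(domain == t or domain.endswith("." + t) for t in trusted_domains)
    if not trusted:
        for t in trusted_domains:
            s, st = skeleton(domain), skeleton(t)
            if s == st or s.endswith("." + st):
                warnings.append(f"domain {domain} imitates {t} with lookalike characters")
                break
        else:  # no lookalike match: does the display name still claim a trusted brand?
            brands = {t.split(".")[0] for t in trusted_domains}
            if brands & set(re.findall(r"[a-z0-9]+", display.lower())):
                warnings.append(f"display name claims a brand but domain is {domain}")
    for token in [local] + domain.split("."):
        if looks_random(token):
            warnings.append(f"random-looking string in address: {token}")
    return warnings

# Constructed sample headers and allow-list (not taken from the reported email).
TRUSTED = ["ups.com", "globalpost.example"]
SAMPLES = [
    "UPS <tracking@ups.com>",
    "GlobalPost <billing@gl0balpost.example>",
    "UPS <kx7q2vb9zt4m@mail.ups.com>",
    "UPS Delivery <notice@zr8tq4wv2kpx.example.net>",
]
for header in SAMPLES:
    print(header, "->", check_sender(header, TRUSTED) or "no warnings")
```

The random-string check runs even when the domain is on the allow-list, because the email in the article carried a verification mark and still had a random-looking address.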

About the author


Kristi Lopez

Kristi Lopez works as a professional news editor at The Next Hint, Inc. She is accustomed to finding daily reports, and her keenness and addiction to her work help her find good news.
