Google has a new verification system for email messages, which seeks to confirm the identity of the sender so that users can be certain they are receiving an official communication.
This badge comes at a time when impersonation attacks, known as phishing, are up 50% in the last year, according to a Zscaler report, and email is one of the main attack methods.
The process for obtaining it is similar to that of networks such as Twitter and Instagram, where the company verifies that the information is correct and grants verification with a blue check attached to the user’s name.
This new model was launched more than a month ago, and the company has already encountered a first bug: a group of cybercriminals was able to cheat the badge acquisition procedures, communicate with users, and impersonate other companies.
“After taking a closer look, we realized that this, in fact, does not look like a generic vulnerability. Therefore, we are reopening the case and the relevant team is taking a closer look at what is happening,” was Google’s response to Chris Plummer, the engineer who discovered the vulnerability.
A cybersecurity expert posted an image showing how criminals managed to obtain verification to impersonate UPS, a logistics company, and send messages to deceive users, despite the fact that the email address had obvious telltale characteristics.
For the moment, Google has confirmed that it is working to find a solution and that it will contact Plummer to inform him of developments in the situation.
As is common with this type of badge, it is located right next to the sender’s name, in the “From” line, although in this case accounts will not have to pay any subscription to get it.
In addition to seeing a blue check, users will have the option to place their cursor over this icon to see a message confirming the profile’s official status, where criminals can place an icon that simulates verification.
At the moment, this initiative is still being rolled out, so only corporate accounts will receive verification, and they must be approved by Google through the BIMI system.
This is a standard under which companies must meet two security requirements. On the one hand, there is domain-based authentication, known as DMARC, which is meant to prevent attackers from impersonating the brand or spoofing its domain. On the other, they will also need to get a brand logo approved through a country’s intellectual property registration process, which is only granted to a legitimately formed organization.
Google’s platform offers security tools to its users. One is to detect a malicious message and immediately send it to the Spam folder, so that the user is not notified of its arrival and does not see it on the home page.
Steps to report an email
These are the steps to follow:
1. Go to Gmail from a computer or mobile device.
2. Open the malicious message.
3. Go to “Reply”; next to this option, a button called “More” will appear. Click on it.
4. A menu will be displayed, and in it will be the “Report phishing” option.