The Gmail issue, discovered and outlined by software developer Tim Cotten this week, stems from the way that Gmail organizes its folders. It files an email into the Sent folder based on the address in the “from” field. So, if an attacker sends an email to a target, which has been specially crafted to also have that target’s email address in the “from” field, the mail will automatically go to the person’s inbox and Sent folder at the same time. This gives the false impression to the unwitting user that it was an email they themselves sent, said Cotten.
“So it appears that by structuring the from field to contain the recipient’s address along with other text, the GMail app reads the from field for filtering/inbox organization purposes and sorts the email as though it were sent from [the recipient], despite it clearly also having the originating mailbox as [another address],” he explained.
This is a potential boon for malicious actors. The copy that lands in the inbox might be caught by spam filtering, but the copy filed under Sent will remain. An attacker could then, for example, send a follow-up email asking the victim to look back at previous correspondence to find something, and from there convince them to open something malicious.
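As an added illustration of the Sent-folder quirk described above (this is not code from Cotten or Google; the header shape and the sample messages are constructed for the example), the following Python check parses a message's From header, separates the real addr-spec inside the angle brackets from the display-name text around it, and flags any address smuggled into that display-name text, in particular one that matches the recipient. A rule like this could run at a mail gateway or in a mailbox audit script.

```python
import email
import re

# Loose addr-spec matcher used on the display-name part of a header (constructed for this example).
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ANGLE_RE = re.compile(r"<([^<>]+)>")


def analyse_from_header(from_header: str, recipient: str) -> dict:
    """Split a From header into the real addr-spec (inside <...>) and the
    display-name text around it, then report any e-mail addresses found in
    the display-name text that differ from the real sender."""
    m = ANGLE_RE.search(from_header)
    if m is None:
        # Bare addr-spec with no display name: nothing to hide behind.
        actual = from_header.strip().lower()
        display_text = ""
    else:
        actual = m.group(1).strip().lower()
        display_text = from_header[: m.start()] + from_header[m.end():]
    embedded = {a.lower() for a in ADDR_RE.findall(display_text)}
    mismatched = sorted(a for a in embedded if a != actual)
    return {
        "actual_sender": actual,
        "mismatched_display_addresses": mismatched,
        "impersonates_recipient": recipient.lower() in mismatched,
    }


def check_message(raw_message: str) -> dict:
    """Parse a raw RFC 822 message and run the From-header check against its To address."""
    msg = email.message_from_string(raw_message)
    to_match = ADDR_RE.search(msg.get("To", ""))
    recipient = to_match.group(0) if to_match else ""
    return analyse_from_header(msg.get("From", ""), recipient)


# Constructed sample messages: one shaped like the reported quirk, one benign.
CRAFTED = (
    "From: victim@example.com <sender@example.net>\n"
    "To: victim@example.com\n"
    "Subject: constructed sample\n\n"
    "body\n"
)
BENIGN = (
    "From: Alice Example <alice@example.org>\n"
    "To: victim@example.com\n"
    "Subject: constructed sample\n\n"
    "body\n"
)

if __name__ == "__main__":
    for name, raw in (("crafted", CRAFTED), ("benign", BENIGN)):
        print(name, check_message(raw))
```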
Gmail users should take note of a serious new Gmail phishing warning: hackers could use one of Gmail's new features to compromise your account relatively easily. Google rolled out its much-awaited Gmail update in April this year. Users welcomed the update for its better-looking interface as well as several new features, including smart replies, an autoresponder, self-destructing messages, confidential mode, offline mode, and others.
And the feature that has become an easy target for hackers is Gmail confidential mode.
The new Gmail phishing warning was revealed in a recent ABC News report. An official from the Department of Homeland Security told the ABC News crew that the department had contacted Google and shared its intelligence on the possible exploitation of Gmail confidential mode.
DHS spokeswoman Lesley Fulop said that the department had already contacted Google regarding this security threat. She said: “We have reached out to Google to inform them of intelligence relevant to their services; to partner to improve our mutual interests in cybersecurity.”
How Do Hackers Exploit Confidential Mode to Hack Your Gmail Account?
The secret lies in the way Gmail confidential mode works. If you activate confidential mode for a Gmail email, the recipient receives a link that opens the email.
If you use Gmail as your primary email client, clicking the link is enough to open the email. But if you read your mail in a third-party application, you first have to click a button to view the email. According to the DHS cybersecurity experts, phishers abuse this ‘button’ to hijack your account.
Gmail Phishing Warning
To understand this threat, it helps to know what phishing is in the first place. Attackers create links and pages that look like the real ones but are not. When a user clicks a phishing link, they are redirected to a fake page instead of the intended destination, where they can be tempted to reveal sensitive information such as account credentials and payment details.
In the scenario behind the recent Gmail phishing warning, phishers abuse Gmail confidential mode to run their scam. In the third-party applications where the Show Email button appears, they plant a fake link that redirects users to a different location instead of the Gmail inbox. Once the user lands on the wrong destination, they are at the mercy of the attacker, who can easily harvest their sensitive information.
How to Stay Safe From the Recent Gmail Phishing Scam
As the recent Gmail phishing warning explains, the attackers target users who open confidential emails in third-party applications. Specifically, they target the button that is supposed to direct those users to the Gmail inbox.
To stay safe, use the official Gmail applications to open your emails. If you must use third-party apps, check each link carefully for authenticity before clicking it. If a link looks suspicious, don't click it at all.