Subj : There's a new Gmail verification scam; here's how to avoid gettin To : All From : TechnologyDaily Date : Fri Jun 02 2023 23:30:03 There's a new Gmail verification scam; here's how to avoid getting caught up in it Date: Fri, 02 Jun 2023 22:19:57 +0000 Description: Bad actors have been discovered exploiting a Gmail bug in order impersonate verified accounts in new phishing scam. FULL STORY ====================================================================== Theres a new Gmail scam making the rounds online as bad actors are taking advantage of the services recently launched verification system. Back at the beginning of May, Google introduced blue checkmark verification in order to combat internet scams like phishing attacks . Companies and organizations can apply to the program to verify their identity , and upon approval, Gmail will display the aforementioned blue checkmark next to the brand logo. What was supposed to be a way to protect people is instead, in some instances, being used to go after them. Cybersecurity engineer Chris Plummer posted on Twitter an image of a spoofed email claiming to officially be from UPS. The scammer apparently somehow got past Googles own safeguards. Bug exploit Identifying the fake email was easy enough to do. Plummer shows the header sporting an email address consisting of mostly random letters and numbers ending in a UPS URL. However, hovering over the checkmark displays a window stating the message is coming from a legitimate source. Its unknown how the bad actor got around the security checks. Plummer claims theres a bug in Gmail that scammers are exploiting to trick the platforms authoritative stamp of approval. From there, the bad actors hop through multiple domains before zeroing in on their target. Initially, when he reported the problem to Google, the company reportedly hand-waved it away saying the system was working as intended. But in the days since Plummers discovery, the tech giant made an about-face and announced it is currently working on a fix . How to not get scammed Since we dont know when the patch will roll out, it makes sense to protect yourself until then. TechRadar has a couple of guides on how to avoid online phishing scams and how to protect your inbox . We strongly recommend reading both to get a full understanding, but here are some pieces of advice to get you started. First, double-check the header. If you see a bunch of random letters, numbers, and symbols in the email address, thats your first clue that something is fishy. Secondly, double-check the spelling in the header. Some scammers will replace certain characters with a lookalike to trick people. For example, the letter O will be replaced with the number 0 or the capital I with a lowercase l (that's an "L"). Gmails default font can make this tough to discern. Be wary of any emails urging you to share your financial information, whether updating your account details or a refund offer you didnt ask for. Of course, dont click on any links or attachments you dont recognize. Also, be sure to check out TechRadars list of the best identity theft protection apps for June 2023 to better safeguard your personal details. ====================================================================== Link to news story: https://www.techradar.com/news/theres-a-new-gmail-verification-scam-heres-how- to-avoid-getting-caught-up-in-it --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .