Subj : Google fixes serious email authentication bug - make sure you're To : All From : TechnologyDaily Date : Mon Jun 12 2023 13:15:03 Google fixes serious email authentication bug - make sure you're not affected Date: Mon, 12 Jun 2023 11:57:18 +0000 Description: Gmail system designed to protect users from scammers and malicious actors failed to do exactly that. FULL STORY ====================================================================== Google says that it has fixed an issue in Gmail that saw scammers impersonating a legitimate, and more importantly, verified company, but fortunately, it looks like no users were harmed. The email service provider just recently expanded on the BIMI email authentication program it launched almost two years ago by allowing certain eligible companies to show a blue checkmark next to their name, in a bid to help users distinguish safe emails in the inbox. The emails in question appeared to come from delivery giant UPS, however fortunately, The Register reports that no malicious payload was included. Gmail authentication hacked BIMI requires that participating companies adopt Domain-based Message Authentication, Reporting, and Conformance (DMARC) as well as either Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM). Read more > These are the best identity theft protection tools > Gmail now offers verification to replace your lost Twitter blue tick > This new malware campaign can hijack your Gmail or Outlook email account A vulnerability in SPF is to blame for allowing scammers to pretend to be UPS, even adopting the companys logo and blue checkmark, according to Chris Plummer who shared their findings via a Tweet . The thread details Googles initial response, along the lines of wont fix - intended behavior, before pressure from Plummer and the Internet saw it rethink its stance. A later communication from Google to Plummer reads: After taking a closer look we realized that this indeed doesnt seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on. Google apologized to Plummer for its initial response, which it said might have been frustrating, and thanked the Twitter user for pressing on for [Google] to take a closer look. While this example in isolation appears not to have caused any trouble, its unclear how many other accounts have been impersonated and how many email users have fallen victim to other scams. Google did not immediately respond to TechRadar Pro s request for an update on the matter. Protect your devices and network with the best firewalls ====================================================================== Link to news story: https://www.techradar.com/news/google-fixes-email-authentication-bug-that-coul d-have-let-hackers-pose-as-real-firms --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .