Attention Gmail users: A sneaky scam could be exploiting a Google bug

As technology continues to advance at an incredible pace, it's no surprise that many of us have embraced email and social media as our primary means of staying connected with friends, family, and businesses.

The convenience, speed, and cost-effectiveness of these digital platforms far outweigh those of traditional handwritten mail, don't you agree?



However, it is essential to remember that while technology undoubtedly makes life easier in countless ways, it also exposes us to certain risks and dangers. Neither we nor our loved ones are exempt from these potential pitfalls.

In fact, a recent news report highlights a scam that has targeted millions of Gmail users, exploiting a potential bug in one of Google's newest features—the verification checkmark.


Scammers are using Google's new process to drop cyber bugs directly into Gmail inboxes. Credit: Twitter/chrisplummer.



This feature, rolled out just last month, is intended to help users identify genuine emails from verified business senders with ease.

Sadly, it turns out scammers have been quick to exploit this feature to increase their chances of scamming victims out of their hard-earned cash.



These cybercriminals have been able to craft seemingly legitimate accounts, which can be tricky to tell apart from the real thing. They also managed to add a 'verification check' to their profile by impersonating real businesses—baffling users who are already at risk of falling victim to email fraud.

When you hover over the business logo and blue checkmark inside your inbox, it will show the message: 'The sender of this email has verified that they own [domain URL] and the logo in the profile image.'

But if you look carefully, the URL shown is often not the real trusted sender's, but that of someone imitating the business.


An example of a legitimate email from the actual business. Credit: Twitter/chrisplummer.





One such suspicious email was spotted last Thursday by IT security engineer Chris Plummer, who realised there must have been a flaw in Gmail to allow scammers to pull this off.

'How is a scammer impersonating UPS in such a convincing way "intended"?' he tweeted. 'The sender found a way to dupe Gmail's authoritative stamp of approval, which end users are going to trust.'

Fortunately, his call for help didn't go unnoticed. After his tweet went viral on social media, Google was prompted to open a high-priority investigation into the matter.

'We apologise again for the confusion, and we understand our initial response might have been frustrating. Thank you so much for pressing on for us to take a closer look at this!'





Shortly after the UPS scam was uncovered, tech consultant Christoph Dary noticed that the postal business had taken action to block Microsoft IPs from its Sender Policy Framework (SPF)—further evidence of the vulnerability in Gmail.

He commented: 'This type of flaw is doubly devastating: it makes it possible to distribute perfect phishing, with all the appearances and certifications of real emails from the real domain. It (also) casts doubt on the effectiveness of the protocols.'

In response, Google is now requiring senders to use the more secure DomainKeys Identified Mail (DKIM) authentication standard in order to achieve the 'Verified Checkmark' status.

Key Takeaways

  • Gmail's verification checkmark, rolled out last month, has already been exploited by scammers who are creating verified accounts impersonating real businesses.
  • Cybersecurity engineer Chris Plummer spotted an example of the scam and reported the bug to Google. After an initial dismissal, Google reopened the matter as a high-priority investigation.
  • The breach comes at a time when scammers increasingly impersonate trusted brands, leading to devastating financial losses for victims.
  • Google has stated that it is now requiring senders to use the DomainKeys Identified Mail (DKIM) authentication standard to qualify for the blue checkmark status in order to keep users safe.



With scams often impersonating government agencies, banks, postal services, and well-known brands, according to the ACCC, it's more important than ever to remain vigilant when using email.

Even if we think we're receiving a message from a 'verified' sender on Gmail, we must not let our guard down. Always make sure to do a double take and be absolutely certain that the person claiming to represent a company or service is who they say they are.


The breach comes at a time when scammers are increasingly impersonating government agencies, banks, postal services and trusted brands. Credit: Unsplash/hostreviews.



Remember, folks – for every technological marvel making our lives easier, there's always someone trying to exploit it for nefarious purposes. We must be cautious and vigilant when using any online service, particularly ones that handle our personal and financial information.

To help our members stay sharp when it comes to online scams, we recommend reading up on this issue by visiting sites like the SDC's Scam Watch forum, discussing it with trusted family members and friends, and always being cautious, whether you're using Gmail or any other email service.

Have you encountered an email scam that left you questioning the sender's legitimacy? Please share your experiences in the comments section below, and let's keep our community informed and safe. Together, we can outsmart these pesky scammers!
 

I’m a very poor target for scammers because I buy nothing online. When I get texts or emails from them, I block them and move on.
 

These scammers are getting so good at what they do, it frightens me to open texts and my Gmail.
 
I really do not understand most of the lingo in this article & have no idea what it's about apart from being a scam target (it's all new foreign speak to me), even though I have a Gmail email address/account & I'm not familiar with any blue check or tick or whatever the hell it is, but I'll use caution as always when receiving any email.
 
These people are the lowest of the low! A vast number of their victims are people like us who can least afford it. I am a victim of one of these mongrel people and I hope they all rot in hell!
 
I really do not understand most of the lingo in this article & have no idea what it's about apart from being a scam target (it's all new foreign speak to me), even though I have a Gmail email address/account & I'm not familiar with any blue check or tick or whatever the hell it is, but I'll use caution as always when receiving any email.
I am with you. I failed to understand anything in that story apart from being sure there is a scam targeting Gmail users. My Gmail account was only created for Facebook and I do not use it for anything else. I have never even signed into Gmail since opening my Facebook membership. I use Outlook on a daily basis with a Telstra email address. I am not sure at all if the story about the scam indicated that I should be concerned about my Gmail account or not.
 
