Gmail’s Identity Verification: A Double-Edged Sword against Scammers

Determining the trustworthiness of online entities is an incredibly intricate matter. Despite the valuable advice on offer, scammers continuously devise novel tactics and tools to deceive individuals and gain their trust. Consequently, many companies have endeavored to develop straightforward and readily comprehensible methods for verifying online identities. For instance, Gmail employs the familiar blue checkmarks that appear alongside verified senders in users’ inboxes. Unfortunately, certain malicious actors have discovered a means to exploit Google’s system.

Gmail provides companies and organizations with various mechanisms to authenticate their identities, such as BIMI (Brand Indicators for Message Identification), VMC (Verified Mark Certificate), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). By completing the necessary procedures to confirm their legitimacy, these entities can display their company logos alongside their names, accompanied by the aforementioned blue checkmark.

However, cybersecurity engineer Chris Plummer recently made a disconcerting observation. Some scammers have managed to circumvent Google’s protective measures and manipulate their messages to appear as if they originate from an officially recognized source, successfully passing integrity checks.

Deeply troubled by this revelation, Plummer promptly notified Google of the alarming situation. To his surprise, his bug report was closed with the explanation that this behavior was somehow intentional, an explanation that failed to convince him. Consequently, Plummer turned to Twitter to express his frustrations. The response on social media was overwhelming, indicating that Google may need to reconsider its initial dismissal. The ball is now in Google’s court, and there is a cautious sense of optimism that the issue underlying this vulnerability will be promptly identified and addressed. Regrettably, Plummer had to push Google persistently to acknowledge the severity of the matter, but we are relieved that the company appears to have eventually recognized its significance.
