Gmail users have been urged to keep an eye out for a hard-to-spot scam tactic used by fraudsters - and it involves exploiting a new security feature introduced by Google just last month.
The tech giant recently rolled out an upgrade allowing verified senders to add a blue tick to their email addresses, designed as an easy way to let recipients know that their messages have come from a reliable source. However, it appears that the new system is not completely fool-proof, after a cyber security expert warned that scammers have found a way to use the blue ticks in order to appear genuine.
Security engineer Chris Plummer shared worrying evidence of the new scam on Twitter, showing a forged UPS delivery email he had received himself that was sporting the blue tick. While the verification symbol may lure users into believing at first glance that the message is genuine, a closer look reveals that the correspondence is not from the courier company and is highly likely to be a money-grabbing scam, The Mirror reports.
After the cyber security pro suggested there was a "bug" in the new Gmail verification system allowing scammers to exploit it, Google later confirmed that they were looking into the situation as a matter of urgency. "After taking a closer look we realised that this indeed doesn't seem like a generic SPF vulnerability," Google said in a message to Plummer.
The tech giant added: "Thus we are reopening this and the appropriate team is taking a closer look at what is going on. We apologise again for the confusion and we understand our initial response might have been frustrating, thank you so much for pressing on for us to take a closer look at this."
Google said that it will keep users informed of security updates as it addresses the issue - but until then, it's definitely worth carrying out some extra checks when it comes to verifying the origin of your emails if you're a Gmail user. Even if you get a message with a blue tick, don't rely on this alone to determine whether it comes from a genuine organisation.
According to consumer experts Which?, there are a few additional steps you should carry out to verify an email before you take any action on it:
- Check the sender's email address - A scam email will usually come from an unrecognisable email address - this may consist of random numbers, letters or words that have nothing to do with the organisation the scammer is impersonating
- Check the greeting - Sometimes scam emails will just say 'Hi' and not include a name, or your email address will be used after 'Hi' - this impersonal approach is a sign that it's likely to be a scammer behind the email
- Check contact information - Hover your cursor over anywhere you'd usually expect there to be a link in the email - by hovering your cursor over any links, you can see the URL they'll send you to without clicking on them
- Check the branding - Take a look at the quality of any logos in the email - for example, if the images are pixelated, this can strongly indicate that the email is a scam
- Check spelling and grammar - Poor spelling and grammar are tell-tale signs that an email has not come from a genuine organisation - sloppy presentation is also a key indicator of a phishing attempt
- Check what it's asking you for - If an email asks you to update or re-enter your personal information or bank details out of the blue, it is likely to be a scam - most companies will never ask for personal information via email.