Gmail users are being alerted to a new security warning that marks messages whose sender could not be verified. The warning appears on received mail, next to the sender's name, when Google cannot confirm that the message really came from the address it claims to come from.
According to Forbes, the warning exists because attackers can spoof the From: address of an email so that it appears to come from someone else. Spoofed mail is used to trick recipients into opening malicious attachments or following links to phishing sites.
Separately, threat actors are running a phishing campaign that abuses OAuth sign-in with Google accounts. This feature lets users sign into third-party apps and websites with their Google account instead of a separate password. The attackers register apps and set up websites that imitate legitimate services such as Facebook, Netflix, or Amazon, then email Gmail users links to them and ask them to sign in with Google.
OAuth lets a user grant a third-party app limited access to an online account, such as Gmail, without handing over the account password. For example, an app that needs the user's Gmail contacts sends the user to Google's consent screen, where the user approves that specific permission; the app then receives an access token restricted to the approved scopes. Google identifies third-party apps by the client ID and redirect URIs they register, and apps that request sensitive or restricted scopes (Gmail data among them) must pass Google's app verification review before they can be used without an "unverified app" warning.
How does the phishing campaign work?
The campaign does not exploit a flaw in the OAuth protocol itself; it abuses the consent flow. Anyone can register an OAuth app with Google and choose its display name and logo, so the attackers create apps whose name and logo imitate services such as Facebook, Netflix, or Amazon. They then send phishing emails to Gmail users with links to these apps and websites, asking them to sign in with their Google account.
When a user follows the link and approves the consent screen, they grant the attacker's app whatever access the screen lists, which in this campaign includes reading, sending, and deleting mail. The attackers then use the resulting access token to read, send, and delete messages from the victim's Gmail account. Mail sent this way passes Gmail's sender verification, because it genuinely leaves Google's servers on behalf of a real Gmail account: SPF, DKIM, and DMARC authenticate the sending domain, not the intentions of whoever holds the token.
Sender verification is a Gmail feature, launched last month, that shows whether Google could verify the sender of a message. Google relies on the standard email authentication mechanisms: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC). The checkmark itself builds on Brand Indicators for Message Identification (BIMI), which requires the sending domain to have DMARC at an enforcement policy and to present a Verified Mark Certificate for its logo.
SPF is a DNS record listing the servers allowed to send mail for a domain; the receiving server checks the connecting IP address against it. DKIM is a cryptographic signature that the sending server adds over selected headers and the body, which the receiver validates with a public key published in the sender's DNS. DMARC ties the two together: it requires that a passing SPF or DKIM result align with the domain in the From: header, and it publishes the policy (none, quarantine, or reject) the receiver should apply when neither aligns. When these checks pass for a BIMI-enabled sender, Gmail shows a blue checkmark next to the sender's name; when they fail or the domain publishes no records, Gmail shows a question mark icon next to the sender's name or email address.
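To make the alignment rule concrete, and to show why mail sent from a hijacked Gmail account passes it, here is an added example (not code from the Forbes article or from Google) that parses the Authentication-Results header a receiving server writes and applies DMARC's alignment check. The header syntax follows RFC 8601; the two sample messages are constructed, and the authserv-id mx.google.com, the IP addresses, and the example domains are assumptions.

```python
"""Apply the SPF/DKIM/DMARC alignment check a receiver performs on incoming mail.

Constructed sample messages, not real captures. Authentication-Results syntax
per RFC 8601; the receiving server is assumed to be Gmail's mx.google.com.
"""
import email
import re
from email.policy import default
from email.utils import parseaddr

_COMMENT = re.compile(r"\([^)]*\)")


def parse_auth_results(value: str) -> dict:
    """Turn 'authserv-id; method=result prop=val ...; ...' into a dict per method."""
    # The DMARC policy only appears inside a comment, so capture it before stripping.
    policy = re.search(r"dmarc=\w+\s*\(p=(\w+)", value, re.I)
    value = _COMMENT.sub("", value)  # comments may contain ';' or '=', so drop them first
    stanzas = [s.strip() for s in value.split(";")]
    parsed = {
        "authserv_id": stanzas[0],
        "dmarc_policy": policy.group(1).lower() if policy else None,
    }
    for stanza in stanzas[1:]:
        if not stanza:
            continue
        tokens = stanza.split()
        method, _, result = tokens[0].partition("=")
        entry = {"result": result.lower()}
        for tok in tokens[1:]:
            prop, _, val = tok.partition("=")
            entry[prop] = val
        parsed[method.lower()] = entry
    return parsed


def domain_of(identifier: str) -> str:
    """Domain part of an address, or of a DKIM 'header.i' value such as '@gmail.com'."""
    return identifier.rsplit("@", 1)[-1].lower()


def verify_sender(raw_message: str) -> dict:
    """Decide whether the From: domain is authenticated the way DMARC defines it."""
    msg = email.message_from_string(raw_message, policy=default)
    from_domain = domain_of(parseaddr(str(msg["From"]))[1])
    ar = parse_auth_results(str(msg["Authentication-Results"]))
    spf, dkim, dmarc = ar.get("spf", {}), ar.get("dkim", {}), ar.get("dmarc", {})
    # Strict alignment for brevity: a passing SPF or DKIM result counts only if its
    # domain equals the RFC5322.From domain. Relaxed mode compares organizational domains.
    spf_aligned = spf.get("result") == "pass" and domain_of(spf.get("smtp.mailfrom", "")) == from_domain
    dkim_aligned = dkim.get("result") == "pass" and domain_of(dkim.get("header.i", "")) == from_domain
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc": dmarc.get("result", "none"),
        "dmarc_policy": ar["dmarc_policy"],
        "authenticated": spf_aligned or dkim_aligned,
    }


# Constructed: a spoofed From: address sent from a server the domain never authorized.
SPOOFED = """\
Authentication-Results: mx.google.com;
       dkim=none;
       spf=fail (google.com: domain of alice@bank.example does not designate 203.0.113.7 as permitted sender) smtp.mailfrom=alice@bank.example;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bank.example
From: Alice <alice@bank.example>
To: bob@gmail.com
Subject: Your account

Please log in here.
"""

# Constructed: phishing sent through a compromised Gmail account via Google's own servers.
COMPROMISED = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=abcd1234;
       spf=pass (google.com: domain of alice@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=alice@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
From: Alice <alice@gmail.com>
To: bob@gmail.com
Subject: Your account

Sign in with Google to keep your Netflix account: https://netflix-account-verify.example/
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("compromised account", COMPROMISED)):
        print(label, verify_sender(raw))
```

The spoofed message fails both checks and would draw the question mark, while the message from the compromised account passes SPF and DKIM with full alignment: the checks prove that gmail.com sent it, which is exactly why authentication alone cannot flag mail from a hijacked account.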
Users can protect themselves by being cautious about links in emails that ask them to sign in with their Google account. Before approving a consent screen, check that the page is served from accounts.google.com, read the list of permissions the app is requesting, and refuse any app that asks for full mailbox access when it has no reason to need it. HTTPS and a padlock icon only show that the connection is encrypted, not that the site is legitimate; a phishing site can have both. Periodically review the third-party apps authorized on the account (Google Account, Security, "Third-party apps with account access") and revoke anything unrecognized.
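The consent-phishing flow described above and the checks a user should make before approving a sign-in come down to reading the authorization request itself. Here is an added example (not code from the Forbes article, from Google, or from the campaign) that inspects an OAuth 2.0 authorization URL and flags the red flags: a look-alike sign-in host, a client ID not issued by Google, and scopes that hand over the mailbox. Assumptions: Google's authorization endpoint host is accounts.google.com, Google-issued client IDs end in .apps.googleusercontent.com, the scope URIs are Google's published Gmail scopes, and the three sample URLs are constructed.

```python
"""Inspect an OAuth 2.0 authorization URL for consent-phishing red flags.

Assumptions (not from the article): Google's authorization endpoint host,
the client ID suffix, and the published Gmail scope URIs listed below.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

GOOGLE_AUTH_HOST = "accounts.google.com"
GOOGLE_CLIENT_ID_SUFFIX = ".apps.googleusercontent.com"

# Gmail scopes that hand over the mailbox, and what each one allows.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full mailbox access: read, send, delete",
    "https://www.googleapis.com/auth/gmail.modify": "read, send, label and trash mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/gmail.readonly": "read every message",
    "https://www.googleapis.com/auth/gmail.settings.sharing": "add forwarding addresses and delegates",
}


@dataclass
class Finding:
    endpoint_is_google: bool
    client_id: str
    redirect_host: str
    scopes: list = field(default_factory=list)
    high_risk: dict = field(default_factory=dict)
    warnings: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        return "REJECT" if self.warnings else "OK"


def inspect_auth_url(url: str) -> Finding:
    """Parse an authorization request and record every reason not to approve it."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    first = lambda key: query.get(key, [""])[0]

    endpoint_is_google = parts.scheme == "https" and parts.hostname == GOOGLE_AUTH_HOST
    client_id = first("client_id")
    redirect_host = urlsplit(first("redirect_uri")).hostname or ""
    finding = Finding(endpoint_is_google, client_id, redirect_host, first("scope").split())

    if not endpoint_is_google:
        # Look-alike hosts such as accounts.google.com.example.net land here.
        finding.warnings.append(f"sign-in page is {parts.hostname!r}, not {GOOGLE_AUTH_HOST}")
    if not client_id.endswith(GOOGLE_CLIENT_ID_SUFFIX):
        finding.warnings.append("client_id is not a Google-issued client ID")
    for scope in finding.scopes:
        if scope in HIGH_RISK_SCOPES:
            finding.high_risk[scope] = HIGH_RISK_SCOPES[scope]
            finding.warnings.append(f"{scope} grants {HIGH_RISK_SCOPES[scope]}")
    return finding


# Constructed samples, not real campaign data.
BENIGN = (
    "https://accounts.google.com/o/oauth2/v2/auth?"
    "client_id=123456789012-abc.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fcontacts-sync.example%2Fcallback"
    "&response_type=code"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts.readonly"
)
# The dangerous case: the consent screen really is Google's, but the registered
# app asks for the whole mailbox and delivers the code to the attacker's site.
CONSENT_PHISH = (
    "https://accounts.google.com/o/oauth2/v2/auth?"
    "client_id=998877665544-xyz.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fnetflix-account-verify.example%2Fcb"
    "&response_type=code"
    "&scope=openid+email+https%3A%2F%2Fmail.google.com%2F"
)
# A look-alike sign-in page that is not Google at all.
FAKE_ENDPOINT = (
    "https://accounts.google.com.login-verify.example/o/oauth2/v2/auth?"
    "client_id=netflix&redirect_uri=https%3A%2F%2Fnetflix-login.example%2F"
    "&scope=email"
)

if __name__ == "__main__":
    for name in ("BENIGN", "CONSENT_PHISH", "FAKE_ENDPOINT"):
        result = inspect_auth_url(globals()[name])
        print(name, result.verdict, *result.warnings, sep="\n  ")
```

The second sample is the one that matters: the host check passes and the padlock would be genuine, yet the request should still be refused because of the scope it asks for. That is why reading the permission list on the consent screen is the check that actually stops this campaign.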