Gmail blue tick system abused, Google didn’t care

Just as on Twitter or Instagram, there are verified users on Gmail. In this system, supported by Brand Indicators for Message Identification (BIMI), the brand logo used by companies as an e-mail avatar is really...
 Gmail blue tick system abused, Google didn’t care
READING NOW Gmail blue tick system abused, Google didn’t care
Just as on Twitter or Instagram, there are verified users on Gmail. In this system supported by Brand Indicators for Message Identification (BIMI), companies need to declare that the brand logo they use as an e-mail avatar really belongs to them. So it automatically gets a blue tick.

Google BIMI system being abused

According to the incident uncovered by a security engineer, cyber attackers can abuse the BIMI system and send emails to users like a real business. This poses a potential risk of being scammed.

The interesting part happened when the engineer transferred the subject to Google. Google did not take the request seriously and defined an individual event. The engineer also found the last resort in tweeting. When the engineer attracted attention in a short time, Google had to take a step.

Re-evaluating its response in the first place, Google has prepared a patch for the BIMI vulnerability that provides fake business appearance. The patch will be applied shortly. In the meantime, it is unknown if there are any users who are victims of the vulnerability.

Comments
Leave a Comment

Details
171 read
okunma42377
0 comments