Gmail Alert! This bug allowed scammers to bypass security check; Google reacts

A new Gmail bug allowed scammers to mimic the blue tick security check. Here is what you should know about it.

| Updated on: Jun 04 2023, 16:17 IST
How to use Gmail without internet! Follow these steps to send email offline
1/5 With the internet becoming a necessity, it is now difficult to imagine even a single day without it. Almost all your work- from official to personal requires an internet connection. Even the apps you have on your phone require an internet connection to run including email. However, what if you are facing an internet issue and you have to send an important mail? Now, Gmail can be used to send email offline. Yes, you will not require any internet connection for the same. (Unsplash)
image caption
2/5 You will be able to read, respond to, and search your Gmail messages even when you are not connected to the Internet by visiting It can be noted that in order to make it easier to use Gmail to send email offline, it is recommended to bookmark in Chrome. Also if you are using Gmail with your work or school account, you can ask your admin to help change your settings. Wondering how to get Gmail offline? Check it below. (Unsplash)
image caption
3/5 On your computer, make sure you have downloaded Chrome. You can only use Gmail offline in a Chrome browser window, not using Incognito mode. Then go to Gmail offline settings or click on the link- (Unsplash)
image caption
4/5 Check "Enable offline mail." Choose your settings, such as how many days of messages you want to sync and finally click Save changes. (Unsplash)
image caption
5/5 You can also bookmark Gmail to use offline. You can bookmark your inbox to make accessing your email offline easier. In Chrome, open your Gmail inbox and to the right of the address bar, click Star. (Unsplash)
View all Images
Google has marked the latest bug in Gmail security check as the highest priority fix. (Unsplash)

If you are a Gmail user, then you need to be extremely careful. A Gmail bug has just put your account security at risk. So, pay attention and be extremely careful when you receive new emails. In case of doubt, verify and if that is not possible, do not open it. Last month, Google rolled out verified checkmarks to Gmail users to confirm the identity of select senders by displaying the blue tick next to their names. It functions as an additional security measure, and senders are required to use the robust authentication as well as authenticate their brand logos to have them displayed as an "avatar" in emails. Additionally, this checkmark assists email security systems in distinguishing between spoofed or phishing emails and genuine ones. However, scammers successfully bypassed this Gmail security check and found a way to convince the Google system that their brand is real!

Security Architect at Dartmouth Health, Chris Plummer, found this bug in Gmail. "The sender found a way to dupe Gmail's authoritative stamp of approval, which end users are going to trust. This message went from a Facebook account to a UK netblock, to O365, to me. Nothing about this is legit. Google just doesn't want to deal with this report honestly," the security researcher tweeted.

Plummer revealed that when he first discovered the issue, Google disregarded it as "intended behaviour." However, after his tweets gained significant attention, the company recognized its mistake and acknowledged the error. A screenshot of Google Security Team's response shared by Plummer reads, "After taking a closer look we realized that this indeed doesn't seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on."

Has the Gmail Bug been fixed?

According to Plummer, Google has now classified the flaw as a 'P1' which is considered to be the highest priority fix, and it is currently being worked on as an ongoing process.

Therefore, there is a need to be extra careful when you receive emails from scammers posting from fake accounts. Just know that these may not be from legitimate Gmail accounts due to this bug and the intention of the scammers is to trick you into doing what they want.

Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 04 Jun, 16:17 IST
keep up with tech