Spoofing mails sent by Gmail ids by exploiting Google’s vulnerability

Malicious actors used Google’s vulnerability to send malicious spoofing mails to targeted individuals.

Identity misrepresentation is used by the scammers which takes place through a classical email spoofing attack in which the “From” value of the mail received is tampered with. Sender policy framework and Domain-based Message Authentication, Reporting, and Conformance are the rules that prevent spoofing.

These rules prevent attackers to use their services to send out malicious mails and also informs the user if their is any malicious email in their inbox. In a recent spoofing scam the hackers were able to bypass these rules and found their way to the user inbox.

By using custom email routing rules, a user could also change the email recipient’s address redirecting any incoming emails. In the attack launched by hackers, the emails were declared completely safe by the SPF and DMARC rule.

The flaw was reported to Google and it has been taken care of by the organization. Google however took quite a long period to respond to this vulnerability and this has caused a sense of negligence from the organization’s end.

Install NPAV on your devices to keep them safe and secure from all kinds of spoofing scams. NPAV provides best in class security from all kinds of cyber attacks.

Use NPAV and join us on a mission to secure the cyber world.

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *

*