1.4bn Gmail users at risk, say US intelligence
Gmail’s latest redesign could put its 1.4 billion global users at risk of extortion by cyber criminals, US intelligence officials have warned.
The risk to Google’s popular email service comes from a new feature, known as Confidential Mode, which may leave account holders vulnerable to “phishing” attacks designed to extort their personal information or money.
The new feature allows people to send emails that vanish after a set amount of time. To open them, the recipient must verify their identity by clicking on a link.
According to an intelligence note from the US Department of Homeland Security seen by ABC News, the new feature has created an opportunity in which “malicious cyber actors could exploit the recent Gmail redesign”.
Their concerns surround the practice of “phishing”, when con artists send emails pretending to be a legitimate company like a bank or service provider. The emails can be filled with malicious links that take victims to unsafe websites where they are asked to input personal account details that are often used to commit fraud.
Occasionally hackers will send these bogus emails to employees of organisations in the hope of extorting credentials they can use to hack into sensitive systems. The concern is that these types of emails will appear more authentic once people become accustomed to clicking on links as the norm when opening confidential emails through Google.
Confidential Mode also includes self-destructing emails, to which senders can add expiry dates if they remain unopened. The feature has been welcomed by those who have suffered the embarrassment of sending an email to the wrong person. Users set an expiry date for when the email is permanently deleted and allow it to lock itself after a certain time if left unopened.
But concerns have been raised over its potential misuse in public office, possibly allowing someone to easily destroy documents remotely in the hope of getting rid of evidence of wrongdoing.
The Information Commissioner said it would keep an eye on its use by civil servants: “The use of such functionality will be taken into account with our ongoing work in this area,” it added.