A new scam on Gmail is making the rounds as a verification scam and is being used by hackers to compromise account security.

Cybersecurity engineer, Chris Plummer, shared a picture of a spoof email claiming to be from UPS. While most emails have a header with an email address containing random letters and numbers, this scam involves an email from a legitimate source.

According to Plummer, a bug in Gmail has been exploited by exploiters to get around Google’s “authoritative stamp of approval”. When the issue was reported to Google, the company initially hand-waived the problem saying the verification system was working but later announced it was working on improving the system.

Here is how you can avoid getting scammed via Gmail:

Double-checking the header, especially for random letters and numbers in the email.

Double-checking for spelling errors, where scammers can replace characters with lookalike ones.

Be wary of sharing financial information with others, or updating account information or a refund offer.

Avoid clicking on unrecognisable attachments.