A new Gmail verification scam is making the rounds, and hackers are using it to compromise account security.
Cybersecurity engineer Chris Plummer shared a picture of a spoof email claiming to be from UPS. While most emails have a header with an email address containing random letters and numbers, this scam involves an email from a legitimate source.
According to Plummer, a bug in Gmail has been exploited to get around Google’s “authoritative stamp of approval”. When the issue was reported to Google, the company initially hand-waved the problem, saying the verification system was working, but later announced it was working on improving the system.
Here is how you can avoid getting scammed via Gmail:
Double-check the header, especially for random letters and numbers in the email address.
Double-check for spelling errors, where scammers can replace characters with lookalike ones.
Be wary of sharing financial information with others, and of messages asking you to update account information or offering a refund.
Avoid clicking on attachments you do not recognise.