Gmail users are being warned that a new Google Mail feature could be seized upon by cyber criminals trying to trick victims with a dangerous phishing scam.
In April, Google unveiled a new Gmail design that introduced a clean user interface and a swathe of new features, including the ability to snooze a message, auto-generate smart replies and send self-destructing emails in the new “Confidential Mode”.
The Department of Homeland Security (DHS) reportedly issued an alert on the “potential emerging threat… for nefarious activity” with the Gmail redesign, the report said.
“We have reached out to Google to inform them of intelligence relevant to their services and to partner to improve our mutual interests in cybersecurity,” Lesley Fulop, DHS spokesperson, said.
Central to these fears was the new “Confidential Email” feature that can require users to click a link in order to access these messages.
If you’re a Gmail user using the official Google Mail website then the “Confidential Email” appears when you click to open it.
It shows the date on which the content will expire and informs users that the email can’t be forwarded or downloaded.
However, it’s different if you’re a Gmail user viewing the message in a third-party client or a non-Gmail user who receives a confidential email.
In those cases, instead of the message appearing in their browser, users have to click a button to view the email. And this is where the security fears lie.
With the Gmail redesign, scammers could send out fake versions of confidential email alerts and trick a user into entering sensitive details.
“The tech giant is committed to protecting the security of users’ personal information and hence, had created ‘machine learning’ algorithms to detect potential phishing scams that cybercriminals carry out,” said Google spokesman Brooks Hocog.
Eyal Benishti, the CEO and founder of anti-phishing technologies firm IRONSCALES, also spoke out about the security fears surrounding the new Gmail feature.
He said: “Phishing is already a prevalent threat individuals and organisations face, and features like the one introduced by Google, in this case, is just making it even easier for nefarious actors to exploit victims.
“It is so difficult for even trained eyes to spot a sophisticated phishing attempt – how are users meant to differentiate between a real ‘confidential link’ and a fake?”