Gmail Confidential Mode security loophole could put users at a risk of phishing attacks

Google’s Confidential Mode on Gmail isn’t that secure after all, according to DHS.

  • Published: July 23, 2018 5:01 PM IST

Earlier this year, Google gave Gmail a much-needed redesign and introduced features such as email snoozing, easy unsubscribing from spam mails, marking mails as unread, smart quick replies, and easy preview of attachments. Google also introduced Confidential Mode with disappearing emails, with the aim of making emails more secure. However, it turns out that Confidential Mode may not be as secure as it seems.

The US Department of Homeland Security (DHS) has issued an intelligence note warning Gmail users about a “potential emerging threat … for nefarious activity”. The threat is linked to the way Confidential Mode works. When you send an email in Confidential Mode, the recipient needs to click on a link to gain access. But this also “presents an opportunity for malicious cyber actors to mimic the e-mail message and phish unwary users,” the DHS report said, according to ABC News.

Using Confidential Mode, attackers can send emails with phishing links to gain access to a recipient’s personal information. According to the report, those using third-party email programs such as Apple Mail or Outlook are at the biggest risk of being exposed to phishing scams. This is because users need to enter their Gmail account information to access a confidential email. It is important for recipients to be attentive enough to figure out whether an email is malicious or not.

In a conversation with ABC News, John Cohen, a former acting undersecretary of the Department of Homeland Security, said that the confidential email system “may actually place users at a higher risk because it may support a pattern of behavior where people click on links they receive.”

However, Google’s Brooks Hocog said that in an attempt to make communication safer, the company uses “machine learning” algorithms to detect malicious phishing attempts in incoming emails. He further stressed that images are also scanned for malicious content that may be hidden, and that Google has managed to filter out 99.9 percent of phishing attempts.

We would advise our readers to be careful when opening emails, especially when it comes to clicking on links. If an email is from an unknown sender, it is better to avoid opening it and putting your data at risk.
