Email/Gmail Verification Vulnerability

Friday, June 2, 2023 11:45PM

A vulnerability has been identified in the authentication systems that verify an email came from a specific domain and/or organization. This could potentially be a big issue, for the reasons below.

What can happen?

There are many verification systems in place which can verify that an email came from the account and domain that it claims to have come from, and which sometimes tag valid emails with proper business logos. Emails that don’t pass the check usually get thrown into the Spam or Junk E-mail folder, depending on the client and email provider.

This new vulnerability can allow spoofers to make their emails appear to have come from the proper servers, so they pass those checks. That means one can’t go by a passed check alone.

Other ways to check

For now, we will have to rely on the other, original methods of determining whether an email is fake, such as verifying links by hovering over them and looking for their target at the bottom of the browser. If in doubt, close out of the email, go directly to the site that it claims to be from, and log into your account from there.

So if you get an email claiming to be from UPS which seems illegitimate in any way, even if it’s just a gut feeling, close out of that email and navigate to ups.com, checking your account or package status that way.

Stay safe out there.