Rajib Singha
Security Hole in Gmail Android App Makes Phishing Attacks Easier
November 17, 2015

A recently discovered bug in the Gmail Android app allows anyone to pose as someone else by hiding their real email address. Although the Google Security Team labelled it a “non-issue”, the flaw can prove helpful to online scammers.

Phishing is one of the oldest tricks in the history of cyberattacks. Over time, scammers have devised new and slyer ways to lure people into phishing traps. A security bug newly discovered by Yan Zhu, an independent security researcher, may make this trick even more successful.

This security bug is known to affect the Gmail Android app as of now. This is how it works:
If the user changes their display name in the Gmail Account Settings, their real email address will be hidden in the recipient’s inbox.

For instance, if you change your display name to “”security@google.com”, that name will be displayed in every email that you send out. In those emails, your real email address will be hidden, and there’s no way to reveal it.

So, how does this bug encourage phishing attacks?
This flaw is most likely to be abused by online scammers, who could set their display name to imitate a trusted or reputable entity such as a popular online shopping site, a bank, a financial organization or companies like Google, Facebook, etc. To unsuspecting users, a sender with the name security@facebook.com or security@google.com may not appear suspicious. And this is where they could fall into a phishing trap.

Gmail Android App Display Name Flaw
However, it is important to note that this security flaw only gets triggered if the display name has extra quotation marks in it, for instance “”security@google.com”.

On the other hand, if the display name does not have these quotation marks, the bug won’t get triggered, and the recipient will be able to view the real email address of the sender.
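A mail filter or triage script can catch this pattern by comparing any address that appears in the display name with the real address in the From header, and by noting leftover quotation marks. The Python sketch below is an added example, not code from the original post or from Google; the function names and sample headers are constructed, and it assumes the raw From header is available to the checker.

```python
import re
from email.utils import parseaddr

# Anything inside the display name that looks like an email address.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
QUOTES = '"\u201c\u201d'  # ASCII and curly double quotes

def split_from(header):
    """Split a From header into (display_name, real_address).

    The real address is read from the final <...> pair, so stray
    quotation marks in the display name cannot confuse the split.
    """
    m = re.search(r"<([^<>]+)>\s*$", header)
    if m:
        return header[:m.start()].strip(), m.group(1).strip().lower()
    return "", parseaddr(header)[1].lower()

def check_from(header):
    """Report display-name spoofing indicators for one From header."""
    display, addr = split_from(header)
    claimed = [e.lower() for e in EMAIL_RE.findall(display)]
    # Remove one balanced outer pair of quotes; any quote left is "extra".
    balanced = len(display) >= 2 and display[0] == display[-1] == '"'
    inner = display[1:-1] if balanced else display
    return {
        "address": addr,                      # what the mail server saw
        "claimed": claimed,                   # what the display name shows
        "spoofed_display": any(e != addr for e in claimed),
        "extra_quotes": any(q in inner for q in QUOTES),
    }

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '""security@google.com" <someone@example.net>',  # pattern from the post
    'security@google.com <someone@example.net>',     # no extra quotes
    '"Alice Example" <alice@example.com>',           # ordinary sender
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", check_from(h))
```

A header flagged with `spoofed_display` deserves scrutiny even without extra quotes, because the display name still names an address the message did not come from.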

So, the bottom line remains the same
Beware of any kind of unexpected or unwanted email, regardless of who is sending it to you. If the email sounds urgent or important, you can always call the sender and have the information verified. Also, having a mobile antivirus app that can block spam, phishing, and malicious emails adds to your security.


27 Comments

  1. no work quickheal correctly

  2. Rasbihari Pattanaik, November 18, 2015 at 4:52 PM

    Quite helpful. Thanks.

  3. akash jaiswar, November 18, 2015 at 5:55 PM

    serial key

  4. control this bug

  5. shishirbartaula, November 18, 2015 at 6:30 PM

    very nice

  6. This is a serious bug, thank you for making us aware of this

  7. anwarhussain, November 18, 2015 at 7:23 PM

    good

  8. Sushanta Chakraborty, November 18, 2015 at 7:54 PM

    always pop up quick heal browser protection screen. It is irritating.

  9. SK TAJAMUL HAQUE, November 18, 2015 at 8:01 PM

    TUNEUP NOT VALID. CLEANING OBSOLETE AND INVALID REGISTRY ENTRIES.

  10. CHANDNI CHAWLA, November 18, 2015 at 9:28 PM

    quite satisfied

  11. best service

  12. Good. Thanks.

  13. vimal prakash, November 19, 2015 at 1:07 PM

    Protection is out of date.

  14. Andrew Mithen, November 19, 2015 at 3:21 PM

    Good info, will pass it on
    Thank you
    andrew

  15. Nagaraj Bhutanavar, November 19, 2015 at 5:33 PM

    nice

  16. RAVENDRA KUMAR, November 19, 2015 at 6:40 PM

    THANKS FOR QUICK HEAL SERVICE IN EMAIL UPDATE
    THANKS BY RAVENDRA PATHAK VILL BEHATI KHURD POST BILGRAM DIST HARDOI UP

  17. Is there a security hole in inbox provided by Google for Android?
    Please send the answer to my mail
    Thanks for aware me.

  18. SUPER

  19. janu khan banka bihar, November 22, 2015 at 7:47 AM

    rahul sir
    please solve my problem.
    daily update impossible.

  20. Very good