Security Hole in Gmail Android App Makes Phishing Attacks Easier


A recently discovered bug in the Gmail Android app allows anyone to pose as someone else by hiding their real email address. Although the Google Security Team labelled it a “non-issue”, the flaw could prove helpful to online scammers. Read on for the details.

Phishing is one of the oldest tricks in the history of cyberattacks, and over time scammers have devised new and slyer ways to lure people into phishing traps. A security bug discovered by Yan Zhu, an independent security researcher, may make this trick more successful.

As of now, this security bug is known to affect the Gmail Android app. This is how it works:
If a user changes their display name in the Gmail account settings, their real email address will be hidden in the recipient’s inbox.

For instance, if you change your display name to “”security@google.com”, that name will be displayed in every email you send out. In those emails your real email address will be hidden, and the recipient has no way to reveal it.

So, how does this bug encourage phishing attacks?
This flaw is likely to be abused by online scammers, who could set their display name to that of a trusted or reputed entity such as a popular online shopping site, a bank, a financial organization, or a company like Google or Facebook. To unsuspecting users, a sender with the name security@facebook.com or security@google.com may not appear suspicious. This is where they could fall into a phishing trap.

Gmail Android App Display Name Flaw
However, it is important to note that this security flaw is only triggered if the display name has extra quotation marks in it, for instance “”security@google.com”.

On the other hand, if the display name does not have these quotation marks, the bug won’t get triggered, and the recipient will be able to view the real email address of the sender.
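A mail filter can flag this pattern before the message is shown to the user. The sketch below is an added example, not code from the original post or from Gmail: it checks a From header for the two signals described above, extra quotation marks in the display name and an email address in the display name that differs from the real sender address. The function names, finding labels and sample headers are constructed for illustration.

```python
import re

# "display name <addr>" form; the greedy name part keeps stray quotes intact.
ANGLE = re.compile(r'^(?P<name>.*)<(?P<addr>[^<>\s]+@[^<>\s]+)>\s*$', re.S)
EMAIL = re.compile(r'[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}')
SMART_QUOTES = str.maketrans('\u201c\u201d', '""')  # treat curly quotes as "


def split_from(header):
    """Return (raw display name, lower-cased address) from a From value."""
    header = header.strip().translate(SMART_QUOTES)
    m = ANGLE.match(header)
    if m:
        return m.group('name').strip(), m.group('addr').lower()
    return '', header.lower()  # bare address with no display name


def check_from(header):
    """List the spoofing signals found in one From header value."""
    name, addr = split_from(header)
    findings = []
    # Remove the one ordinary pair of quotes that may wrap a display name.
    if len(name) >= 2 and name[0] == '"' and name[-1] == '"':
        name = name[1:-1]
    # Any quote left over is the "extra quotation mark" trigger.
    if '"' in name:
        findings.append('extra-quote')
    # A display name that itself looks like a different email address.
    if any(e.lower() != addr for e in EMAIL.findall(name)):
        findings.append('name-address-mismatch')
    return findings


# Constructed sample headers (hypothetical senders).
SAMPLES = [
    '""security@google.com" <sender@mail.example>',
    '"security@google.com" <sender@mail.example>',
    '"Alice Example" <alice@corp.example>',
    '"alice@corp.example" <alice@corp.example>',
    'alice@corp.example',
]

if __name__ == '__main__':
    for h in SAMPLES:
        print(check_from(h), h)
```

The second sample has no extra quotation mark, so per the article the real address stays visible, but a display name that imitates another address is still worth flagging.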

So, the bottom line remains the same
Beware of any kind of unexpected or unwanted email, regardless of who is sending it to you. If the email sounds urgent or important, you can always call the sender and have the information verified. Also, having a mobile antivirus app that can block spam, phishing, and malicious emails adds to your security.


Rajiv Singha


27 Comments
shahin reza
5 years ago

no work quickheal correctly

Rahul Thadani
5 years ago
Reply to  shahin reza

Hi Shahin,

May we request you to contact our technical support team. They will help you resolve this issue as soon as possible. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

Rasbihari Pattanaik
5 years ago

Quite helpful. Thanks.

akash jaiswar
5 years ago

serial key

Rahul Thadani
5 years ago
Reply to  akash jaiswar

Hi Akash,

May we request you to contact our technical support team. They will help you resolve this issue as soon as possible. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

veeresh
5 years ago

control this bug

shishirbartaula
5 years ago

very nice

Sandeep
5 years ago

This is a serious bug, thank you for making us aware of this.

anwarhussain
5 years ago

good

Sushanta Chakraborty
5 years ago

always pop up quick heal browser protection screen. It is irritating.

Rahul Thadani
5 years ago

Hi Sushanta,

May we request you to contact our technical support team. They will help you resolve this issue as soon as possible. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

SK TAJAMUL HAQUE
5 years ago

TUNEUP NOT VALID. CLEANING OBSOLETE AND INVALID REGISTRY ENTRIES.

Rahul Thadani
5 years ago

Hi SK TAJAMUL HAQUE,

May we request you to contact our technical support team. They will help you resolve this issue as soon as possible. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

CHANDNI CHAWLA
5 years ago

quite satisfied

vasanth
5 years ago

good

shiraz
5 years ago

best service

George
5 years ago

Good. Thanks.

vimal prakash
5 years ago

Protection is out of date.

Rahul Thadani
5 years ago
Reply to  vimal prakash

Hi Vimal,

May we request you to contact our technical support team. They will help you resolve this issue as soon as possible. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

Andrew Mithen
5 years ago

Good info, will pass it on
Thank you
andrew

Nagaraj Bhutanavar
5 years ago

nice

RAVENDRA KUMAR
5 years ago

THANKS FOR QUICK HEAL SERVICE IN EMAIL UPDATE
THANKS BY RAVENDRA PATHAK VILL BEHATI KHURD POST BILGRAM DIST HARDOI UP

Sanjay
5 years ago

Is there a security hole in Inbox provided by Google for Android?
Please send the answer to my mail.
Thanks for making me aware.

Rahul Thadani
5 years ago
Reply to  Sanjay

Hi Sanjay,

No, there is no security hole in this that we are aware of right now. Can you share some more details about the problem you are facing?

Regards.

PERIYASAMY
5 years ago

SUPER

janu khan banka bihar
5 years ago

rahul sir
please solve my problem.
daily update impossible.

M.d.Yaseen
5 years ago

Very good
