Security Hole in Gmail Android App Makes Phishing Attacks Easier


A recently discovered bug in the Gmail Android app allows anyone to pose as someone else by hiding their real email address. Although the Google Security Team labelled it a “non-issue”, the flaw could prove helpful to online scammers. The details follow.

Phishing is one of the oldest tricks in the history of cyberattacks, and over time scammers have devised new and slyer ways to lure people into phishing traps. A security bug discovered by Yan Zhu, an independent security researcher, may make this trick even more successful.

As of now, this security bug is known to affect the Gmail Android app. This is how it works:
If a sender changes their display name in the Gmail Account Settings, their real email address will be hidden in the recipient’s inbox.

For instance, if you change your display name to “”security@google.com”, that name will be displayed on every email you send out. In that email, your real email address will be hidden, and there is no way to reveal it.

So, how does this bug encourage phishing attacks?
The flaw is likely to be abused by online scammers, who could set their display name to imitate a trusted or reputed entity such as a popular online shopping site, a bank, a financial organization, or a company like Google or Facebook. To unsuspecting users, a sender named security@facebook.com or security@google.com may not appear suspicious, and this is where they could fall into a phishing trap.

Gmail Android App Display Name Flaw
However, it is important to note that this security flaw is only triggered if the display name has extra quotation marks in it, for instance, “”security@google.com”

If the display name does not have these quotation marks, the bug is not triggered, and the recipient can view the real email address of the sender.
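On the receiving side, a mail filter or triage script can flag this pattern from the raw From header, whatever the mail client chooses to display. The following is an added example, not code from the original post or from Google; the function names and sample headers are constructed, and the way the extra quotation mark appears in the header is an assumption.

```python
import re

# Anything in a display name that looks like an e-mail address; group 1 is its domain.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
QUOTES = '"\u201c\u201d'  # straight and curly double quotes

def split_from(header):
    """Split a From header value into (display_name, real_address).

    The real address is read from the last <...> pair, so stray or
    unbalanced quotation marks in the display name cannot hide it.
    """
    header = header.strip()
    m = re.search(r"<([^<>]*)>$", header)
    if not m:
        return "", header          # bare address, no display name
    return header[:m.start()].strip(), m.group(1).strip()

def check_from(header):
    """Flag display names that show an address other than the real sender's."""
    display, addr = split_from(header)
    real_domain = addr.rpartition("@")[2].lower()
    claimed = [d.lower() for d in EMAIL_RE.findall(display)]
    # Remove one balanced outer pair of quotes; any quote left over is "extra".
    inner = display
    if len(inner) >= 2 and inner[0] in QUOTES and inner[-1] in QUOTES:
        inner = inner[1:-1]
    return {
        "real_address": addr,
        "display_name": display,
        "address_mismatch": any(d != real_domain for d in claimed),
        "extra_quotes": any(q in inner for q in QUOTES),
    }

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '"\\"security@google.com" <mallory@example.net>',   # look-alike name, extra quote
    '"security@google.com" <mallory@example.net>',      # look-alike name, normal quoting
    'Alice Example <alice@example.org>',                # ordinary sender
    '"alice@example.org" <alice@example.org>',          # name repeats the real address
]

if __name__ == "__main__":
    for h in SAMPLES:
        r = check_from(h)
        print(r["real_address"], r["address_mismatch"], r["extra_quotes"], sep="\t")
```

The check compares domains exactly, so a display name that shows a subdomain of the real sender's domain is also flagged and may need an allow-list in practice.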

So, the bottom line remains the same
Beware of any unexpected or unwanted email, regardless of who appears to be sending it. If the email sounds urgent or important, you can always call the sender and have the information verified. Having a mobile antivirus app that can block spam, phishing, and malicious emails also adds to your security.


Rajiv Singha



27 Comments


  1. no work quickheal correctly

  2. Rasbihari Pattanaik, November 18, 2015 at 4:52 PM

    Quite helpful. Thanks.

  3. akash jaiswar, November 18, 2015 at 5:55 PM

    serial key

  4. control this bug

  5. shishirbartaula, November 18, 2015 at 6:30 PM

    very nice

  6. This is a serious bug, thank you for making us aware of this

  7. anwarhussain, November 18, 2015 at 7:23 PM

    good

  8. Sushanta Chakraborty, November 18, 2015 at 7:54 PM

    always pop up quick heal browser protection screen. It is irritating.

  9. SK TAJAMUL HAQUE, November 18, 2015 at 8:01 PM

    TUNEUP NOT VALID. CLEANING OBSOLETE AND INVALID REGISTRY ENTRIES.

  10. CHANDNI CHAWLA, November 18, 2015 at 9:28 PM

    quite satisfied

  11. best service

  12. Good. Thanks.

  13. vimal prakash, November 19, 2015 at 1:07 PM

    Protection is out of date.

  14. Andrew Mithen, November 19, 2015 at 3:21 PM

    Good info, will pass it on
    Thank you
    andrew

  15. Nagaraj Bhutanavar, November 19, 2015 at 5:33 PM

    nice

  16. RAVENDRA KUMAR, November 19, 2015 at 6:40 PM

    THANKS FOR QUICK HEAL SERVICE IN EMAIL UPDATE
    THANKS BY RAVENDRA PATHAK VILL BEHATI KHURD POST BILGRAM DIST HARDOI UP

  17. Is there a security hole in inbox provided by Google for Android?
    Please send the answer to my mail
    Thanks for making me aware.

    • Rahul Thadani, November 23, 2015 at 2:08 PM

      Hi Sanjay,

      No, there is no security hole in this that we are aware of right now. Can you share some more details about the problem you are facing?

      Regards.

  18. SUPER

  19. janu khan banka bihar, November 22, 2015 at 7:47 AM

    rahul sir
    please solve my problem.
    daily update impossible.

  20. Very good