
GMAIL spoofing: Scammers impersonate GMAIL's BIMI ID

Posted: Tue Apr 22, 2025 10:02 am
by mdabuhasan
Google has issued a new security warning to its 1.8 billion Gmail users after a weakness was found in how Gmail grants its BIMI-based verified checkmark. Scammers have exploited this trust feature, putting users at risk.

Discovery: Exploiting Gmail’s BIMI Identifier
Gmail's security has long been a major selling point. However, a serious weakness was recently discovered in one of its key trust features.

In May 2023, Google launched the BIMI-based checkmark for Gmail, which helps users distinguish genuine emails from fake ones sent by scammers.

However, scammers have found ways to exploit this system, putting Gmail's 1.8 billion users at risk.

The system was introduced to combat phishing and impersonation attacks. The blue verified checkmark is shown next to senders whose domain has passed DMARC and holds a Verified Mark Certificate (VMC), so users can see that the company or organization behind the message has been verified.

The idea is to give users confidence in telling which emails are legitimate and which may come from an impostor. Unfortunately, scammers have managed to game the system.

Mitigation: Google acknowledged the issue
Cybersecurity architect Chris Plummer was the first to report that scammers had manipulated Gmail's checkmark system: they tricked Gmail into showing the verified checkmark on forged mail that impersonated a real brand. This defeated the purpose of the system, which is designed to build user trust.

Plummer immediately reported his findings to Google, hoping it would respond quickly and fix the vulnerability. Google initially dismissed the report, calling the behaviour "expected". This caused dissatisfaction among security experts and users.

Due to the attention Plummer's tweet attracted and the subsequent viral spread of the issue, Google quickly realized the seriousness of the problem. The company acknowledged the error and made fixing it a top priority.

In a statement to Plummer, Gmail's security team thanked him for his continued efforts to raise awareness of the issue and assured him and the user community that the vulnerability is being addressed.

Prevention: Working to solve the problem
Gmail's security team is actively working to resolve the weakness in Gmail's BIMI checkmark system. They apologized for the confusion caused and committed to resolving the issue quickly.

A fix is currently underway. The Gmail security team's goal is to keep users informed of their assessment and of the direction taken to resolve the issue. While waiting for a fix, Gmail users should remain vigilant and treat the checkmark as one signal among several: check the sender's actual domain and the message's authentication results, and be cautious with any unexpected request, however official it looks.

Update: Understanding the scope of the problem
Subsequent investigation of Gmail's logo verification system showed how scammers can exploit it and what this means for other email services.

Security researcher Jonathan Rudenberg replicated the spoof against Gmail and demonstrated that other major email services were vulnerable to similar attacks.

The revelation raised concerns in the security community about how Gmail's sender-verification checks were implemented and how much weight users should place on them.
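Because a BIMI checkmark is only as trustworthy as the DMARC result it is layered on, the advice above to check a message's authentication results can be automated. The following is an added example, not code from the original post or from Google: it parses the Authentication-Results header a receiving server stamps on delivery, checks DKIM and SPF alignment against the visible From domain itself rather than trusting the summary "dmarc=pass", and only calls the checkmark trustworthy when an aligned DKIM signature verified. This is stricter than DMARC itself, which also accepts an aligned SPF pass; the stricter rule is a design choice here, because an SPF pass only proves the sending IP was authorized for the envelope domain, and DKIM survives relays that SPF does not. The header is passed as its value without the "Authentication-Results:" field name, the sample headers are constructed, and org_domain is a simplification (it ignores the Public Suffix List).

```python
"""Decide whether an Authentication-Results header justifies trusting a
BIMI brand checkmark.  Added example with constructed sample headers; the
organizational-domain shortcut below is an assumption of this example."""
import re
from dataclasses import dataclass
from email.utils import parseaddr


@dataclass
class Verdict:
    from_domain: str
    dmarc: str
    dkim_aligned: bool
    spf_aligned: bool
    trust_checkmark: bool
    reason: str


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels.

    Real DMARC uses the Public Suffix List; this shortcut misjudges domains
    such as example.co.uk and is only a simplification for this example.
    """
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_auth_results(header: str) -> dict:
    """Map each method (spf, dkim, dmarc, ...) to a list of (result, props).

    Expects the header value "authserv-id; method=result prop=value ...;".
    Parenthesised comments are skipped over, not interpreted.
    """
    _, _, body = header.partition(";")  # drop the authserv-id
    out: dict = {}
    for clause in body.split(";"):
        m = re.match(r"\s*(\w+)=(\w+)(.*)", clause, re.S)
        if not m:
            continue
        method, result, rest = m.group(1).lower(), m.group(2).lower(), m.group(3)
        props = dict(re.findall(r"([\w.]+)=([^\s()]+)", rest))
        out.setdefault(method, []).append((result, props))
    return out


def evaluate(auth_results: str, from_header: str) -> Verdict:
    """Trust the checkmark only on dmarc=pass plus a DKIM pass aligned with From."""
    from_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not from_domain:
        return Verdict("", "none", False, False, False, "no From domain")
    r = parse_auth_results(auth_results)
    dmarc = r.get("dmarc", [("none", {})])[0][0]
    target = org_domain(from_domain)
    dkim_aligned = any(
        res == "pass" and p.get("header.d") and org_domain(p["header.d"]) == target
        for res, p in r.get("dkim", [])
    )
    spf_aligned = any(
        res == "pass" and p.get("smtp.mailfrom")
        and org_domain(p["smtp.mailfrom"].rpartition("@")[2]) == target
        for res, p in r.get("spf", [])
    )
    if dmarc != "pass":
        trust, reason = False, f"dmarc={dmarc}"
    elif not dkim_aligned:
        trust = False
        reason = "no DKIM signature aligned with From domain"
        reason += " (SPF-only pass)" if spf_aligned else ""
    else:
        trust, reason = True, "aligned DKIM pass and dmarc=pass"
    return Verdict(from_domain, dmarc, dkim_aligned, spf_aligned, trust, reason)


# Constructed sample: the brand really sent this message.
LEGIT = (
    "mx.google.com; dkim=pass header.i=@example.com header.s=sel1 header.d=example.com; "
    "spf=pass (google.com: domain of bounce@example.com designates 203.0.113.5 as "
    "permitted sender) smtp.mailfrom=bounce@example.com; "
    "dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com"
)
# Constructed sample: DMARC passed on SPF alone while the DKIM signature failed,
# so nothing cryptographically bound to the From domain was verified.
SPF_ONLY = (
    "mx.google.com; dkim=fail (body hash did not verify) header.i=@example.com "
    "header.s=sel1 header.d=example.com; spf=pass smtp.mailfrom=bounce@example.com; "
    "dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com"
)
# Constructed sample: all passes belong to an unrelated domain; DMARC failed.
FAILED = (
    "mx.google.com; dkim=pass header.i=@example.net header.s=k1 header.d=example.net; "
    "spf=pass smtp.mailfrom=bounce@example.net; "
    "dmarc=fail (p=REJECT sp=REJECT dis=REJECT) header.from=example.com"
)

if __name__ == "__main__":
    for name, hdr in (("LEGIT", LEGIT), ("SPF_ONLY", SPF_ONLY), ("FAILED", FAILED)):
        print(name, evaluate(hdr, "Example Corp <news@example.com>"))
```

Run it as a script to see the three verdicts; only the first sample earns trust. In a mail client or gateway you would feed evaluate() the Authentication-Results header added by your own receiving server, since any such header already present in an inbound message may have been written by the sender.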