If you think scammers are always those sophisticated code-cracking hackers you see on TV, think again. Sometimes, minor glitches in software programs make scamming other people easier than it should be.
It's happening right now with a popular Android app with an extremely reputable name. A name you'd never expect to have a bug like this: Gmail.
Back in October, independent researcher Yan Zhu notified Google of an unusual bug she discovered in the Gmail app. The bug works only in the original Gmail Android app, and allows users to send emails that look like they were sent from someone else.
To do this, users don't need to override or rewrite any code. They simply have to change their display name in their account settings. Doing so hides their real name and email address, and those receiving the email won't be able to see it.
At first glance, you might think this could be used by teenagers looking to prank their friends. But it's extremely concerning when you realize what could happen if this information fell into the wrong hands. Phishing scams are already a huge problem, and this just makes it easier for scammers to trick you into thinking they're someone else.
Just look at how simple it was for Zhu to send an email that looked like a security notice from Google.
To send this email, Zhu only had to change her name and add an extra set of quotation marks in the email address. This extra set of quotation marks is what triggered the bug. For example: ""firstname.lastname@example.org"
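A receiving-side check for the pattern described above, as an added example that is not from the original article or from Google: it flags a From header whose display name contains stray quotation marks or shows an address other than the real sender's. The function names and sample headers are constructed for illustration; the article does not show the exact header the Gmail app produced.

```python
import re

# Loose pattern for "something that looks like an email address" in display text.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def split_from(header):
    """Return (display_name, address) from a From header value.

    The address is whatever sits in the final <...> pair; everything
    before it is display text chosen by the sender.
    """
    m = re.search(r"<([^<>]*)>\s*$", header)
    if not m:
        return "", header.strip()  # bare address, no display name
    return header[:m.start()].strip(), m.group(1).strip()


def check_from(header):
    """List the reasons this From header deserves a second look."""
    name, addr = split_from(header)
    # One matching outer pair of quotes is ordinary quoting; drop it.
    if len(name) >= 2 and name[0] == '"' and name[-1] == '"':
        name = name[1:-1]
    findings = []
    # Any quote left over (ignoring backslash-escaped ones) is unusual.
    if '"' in name.replace('\\"', ""):
        findings.append("stray-quote")
    # Display text that shows an address different from the real one.
    for shown in ADDR_RE.findall(name):
        if shown.lower() != addr.lower():
            findings.append("name-shows-other-address:" + shown)
    return findings


# Constructed sample headers (not captured from real mail).
SAMPLES = [
    '"Alice Example" <alice@example.org>',
    '"alice@example.org" <alice@example.org>',
    '"Account Security ""security@example.com" <mallory@example.net>',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(check_from(h) or "ok", "|", h)
```

A mail client or gateway can run a check like this before rendering the sender line and fall back to showing the real address whenever it returns a finding.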
What's really concerning is the fact that Google's security team didn't jump on a solution once Zhu brought the issue to their attention. Instead they dismissed the report, stating, "Thanks for your note. We don't consider this to be a security vulnerability."
That was when Zhu decided to make the issue public. She tweeted about the bug, calling Google out on its lack of interest.
filed a gmail android bug that lets me fake sender email address. they said it's not a security issue. ¯_(ツ)_/¯
— yan (@bcrypt) November 11, 2015
So far, Google has still not responded to Zhu's request or resolved the issue. But some users on Twitter have thought of a way to bump this up on Google's priority list.
@bcrypt Send the email from Sergey or Larry and tell them it's a high priority bug that they need to fix immediately. Problem solved.
— Phred (@fearphage) November 11, 2015
Once again, this news serves as a reminder of how important it is to protect yourself online. Always be cautious with your browsing, and only download software from reputable sites. Also, be sure to install an anti-virus/anti-spyware program, which will warn you if you've downloaded something malicious. This keeps you aware of potential threats before your computer has been compromised.
What do you think? Are you concerned by Google's lack of interest in this security threat? Let us know in the comments below.