Gmail is one of the most commonly used free email services, with 1.2 billion users spread across the world - a number that is actively increasing. Being such a popular service can of course attract the wrong attention, making Gmail users a prime target for cyber attackers, and their security measures just can't keep up.

 

The Vulnerabilities

One of the biggest security issues with Gmail is that it's not just about your emails. All Gmail users instantly gain access to a Google account with many free services such as Google Drive, Google Calendar and Google Docs. Of course, these are all connected through the same account, so if your email is breached the attacker would easily be able to access data from all of these points too.

On top of this, Google is known for scanning and storing its users' personal data for targeted adverts; this data can include phone numbers, locations visited, and even financial information, which - again - draws unwanted attention from cyber criminals.

 

Targeted Attacks

There have been many examples over the years of targeted attacks on Gmail users. In 2017, a highly effective phishing email included an image identical in appearance to the icon used by Google to display an attachment. When clicked, it took the user to a page that looked just like the Google login screen, with any data entered of course going straight to the attackers.

A more recent example, from earlier this year, took advantage of the way Google processes email addresses. Under its 'dots don't matter' policy, the addresses 'johnsmith@gmail.com' and 'john.smith@gmail.com' are viewed as identical, no matter how many full stops you add. Using this security flaw, hackers would try to fool users into paying for their Netflix services - Netflix being a website that does register punctuation.

The trickiest part of this attack is that the victim would receive a genuine email from Netflix asking for an updated payment method; only upon close inspection would the victim notice that the recipient's email address was identical to their own, apart from one dot.
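The close inspection described above can be automated. The following is an added example, not code from Google, Netflix or Altinet: it reduces Gmail addresses to the form Gmail delivers to and flags messages addressed to a dotted variant of your own address. The function names, the sample message and the treatment of googlemail.com as a Gmail alias are assumptions of this example.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption of this example: both domains deliver to the same Gmail mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical(addr):
    """Return the mailbox an address reaches: lowercase, dots ignored for Gmail."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")  # 'dots don't matter'
        domain = "gmail.com"
    return f"{local}@{domain}"


def dotted_variants(raw_message, my_address):
    """List recipients that reach my mailbox but are not spelled the way I spell it."""
    msg = message_from_string(raw_message)
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    mine = my_address.strip().lower()
    return [
        addr
        for _, addr in recipients
        if addr and addr.lower() != mine and canonical(addr) == canonical(mine)
    ]


# Constructed sample message for illustration (not a real billing email).
SAMPLE = """\
From: Billing <info@streaming.example>
To: johnsmith@gmail.com
Subject: Please update your payment method

Your payment method needs updating.
"""

if __name__ == "__main__":
    for variant in dotted_variants(SAMPLE, "john.smith@gmail.com"):
        print(f"Addressed to {variant}: someone registered an account "
              "with a variant of your address; do not enter payment details.")
```

A hit means the sender's account was created with a spelling of the address you never used, which is the signal to ignore the payment request rather than act on it.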

 

Additional Email Security

With Altinet's Managed Email Security it's easy to block email-borne threats and keep your data safe, with features such as email encryption - which not only stops people from viewing your message without the proper decryption code, but also helps with compliance - and advanced threat protection, which stops threats that evade normal detection techniques. For more information about our fully managed email security solution, visit our website.

 
