A new feature added in the recent Gmail redesign could present an ’emerging threat’ to users, US intelligence officials have warned.
The new feature, known as ‘Confidential Mode’, could leave an increased number of users susceptible to attacks from cyber criminals.
The Department of Homeland Security (DHS) circulated an intelligence note to US law enforcement, as well as government cybersecurity workers.
‘Confidential Mode’ allows users to set an expiry date on sensitive emails and add two-factor authentication to their communication.
However, this requires users to click a link in order to access sensitive emails.
DHS agents cautioned that hackers pretending to be someone else to gain access to users’ personal information are likely to send-out mass scam messages containing fraudulent versions of these confidential links.
US officials said the new tool presents a ‘potential emerging threat … for nefarious activity’, adding that all of Gmail’s 1.4 billion users worldwide are at risk.
More than a billion Gmail users could be at risk of attacks by cyber criminals after US intelligence officials uncovered a vulnerability in one of the service’s new features. They said Gmail’s Confidential Email tool leaves users susceptible to phishing attacks (Stock)
Phishing attacks steal sensitive information, including passwords, contact details, credit card and payment information, by tricking users into handing over their information.
Cyber criminals often strike over email, posing as a bank or other online service to trick users into entering your private details into a fraudulent online form or website.
In a note distributed to law enforcement and spotted by ABC News, the Department of Homeland Security cautioned that ‘Confidential Mode’ presented an entirely-new route for phishing attacks.
Hackers could ‘mimic the e-mail message and phish unwary users,’ officials warned.
Google has created an opportunity where ‘malicious cyber actors could exploit the recent Gmail redesign’, the official intelligence note adds.
The note was sent as part of the DHS’ ongoing efforts to keep up with threats posed to major computer networks, including those operated by government agencies, banks and major businesses.
The Department of Homeland Security warned that hackers purporting to be someone else could send out mass scam messages containing fake Confidential Email links that steal people’s data (stock image)
The DHS informed Google of the potential vulnerability and offered to partner with the search firm to help improve the feature, a spokesperson told ABC.
Google says the new features do not pose any additional security risk beyond what internet users are already exposed to online.
Gmail users can activate the new confidential mode when drafting an email to add extra security to messages containing sensitive information.
Users can block recipients from forwarding or printing the email, add a ‘self-destruct’ timer to messages, or require that users click a link before reading.
Gmail’s confidential tool can be activated when drafting an email to add extra security to messages containing sensitive information. Users can add a time limit to emails (pictured) or block recipients from forwarding or printing the message
This feature ensures the person reading the email is the intended recipient.
Google confirmed it had spoken with the Department of Homeland Security, but stressed that the new feature posed no additional security risks.
A spokesperson for Google said Gmail already had AI spam-detection systems in place to spot phishing emails and block them before they reach people’s inboxes.
But an expert told ABC that the tool still poses a risk to users because it normalises the process of blindly clicking links within emails.
John Cohen, former acting undersecretary of the Department of Homeland Security, said: ‘[It] may actually place users at a higher risk because it may support a pattern of behavior where people click on links they receive.’