Gmail’s ‘Confidential Mode’ May Expose Users to Phishing Scams, Raises Red Flags at DHS
A new Google Mail feature has caused the Department of Homeland Security (DHS) to raise concerns about users’ privacy and security. According to reports, Gmail’s new “Confidential Mode” can be used to instigate scams like phishing.
In April, Google revamped Gmail’s look. Along with a sleek, new user interface, the company also introduced several new features, including auto-generated smart replies, the capacity to put a message on snooze and the Confidential Mode.
However, the new Confidential Mode reportedly raised some red flags at the DHS prompting it to issue an alert regarding the “potential emerging threat…for nefarious activity” the new feature could introduce.
This new mode runs the risk of creating false expectations around security and privacy in Gmail, and will make it harder for users to find other, more secure communication alternatives. https://t.co/JvkuMnjR61
— EFF (@EFF) July 22, 2018
Gmail’s Confidential Mode apparently allows the user to control how their emails can be viewed and shared. For instance, the recipient of the email won’t be able to print or forward it. Users can also set an “expiration date” so that their email will self-destruct or automatically delete itself from the recipient’s inbox. There are also other layers of protection that can be utilized, like a text message code.
While the features provided for a Confidential email seem fool-proof, it can actually open up a can of security worms. This is because non-Gmail users who receive a Confidential email will be asked to click on a link to access it. Scammers can take advantage of this process to create and send out fake confidential emails. Once the non-Gmail users click on the link, they can be tricked into giving out their private information. This is known as phishing.
A DHS spokesperson confirmed that they have already reached out to Google “to inform them of intelligence relevant to their services and to partner to improve our mutual interests in cybersecurity.”
Meanwhile, Brooks Hocog, a spokesman for Google, reassured users about the company’s commitment to protecting their users’ security. He stated that Google has already developed “machine learning” algorithms that can detect phishing scams, downplaying the issue.