How To use a Vulnerability In Gmail
Gmail Follows a strick rule that does not allow its users to have their first or last name contain the term Gmail Or google That is while signing Up For A gmail account, the user can't set a first or last name that contains the Gmail And Google.
As You Can See This from the below snapshot;
This rule is implemented by Gmail for obvious security reasons. If the users are allowed to keep their first or the last name that contains the term Gmail or Google, then it is possible to easily impersonate the identity of Gmail (or Gmail Team) and engage themselves in phishing or social engineering attacks on the innocent users. This can be done by simply choosing the first and last name with the following combinations:
First Name Last Name
Gmail Team
Google Team
Gmail Password Assistance
From the above snapshot we can see that, Gmail has made a good move in stopping the users from abusing its services. However this move isn’t just enough to prevent the malicious users from impersonating the Gmail’s identity. This is because, Gmail has a small vulnerability that can be easily exploited so that, the users can still have their name contain the terms Gmail or Google. You may wonder how to do this. But it is very simple:
Log in to your Gmail account and click on Settings.
Select Accounts tab.
Click on edit info.
In the Name field, select the second radio button and enter the name of your choice. Click on Save Changes and you’re done!
Now, Gmail accepts any name even if it contains the term Google or Gmail. You can see from the below snapshot:
Allowing the users to have their names contain the terms Gmail or Google is a serious vulnerability even though it doesn’t seem to be a major one. This is because, a hacker or a malicious attacker can easily exploit this flaw and send phishing emails to other Gmail users asking for sensitive information such as their passwords. Most of the users don’t even hesitate to send their passwords as they believe that they are sending it to the Gmail Team (or someone authorized). But, in reality they are sending it to an attacker who uses these information to seek personal benefits.
So, the bottom line is, if you get any emails that appears to have come from the Gmail Team or similar, don’t trust them! Anyone can send such emails to fool you and take away your personal details. Hope that Gmail will fix this vulnerability as soon as possible to avoid any disasters
0 comments:
Post a Comment