Gmail Glitch Enables Anonymous Messages in Phishing Attacks
(Nov 20, 2018)
A vulnerability in Google’s Gmail has been uncovered that could allow a threat actor to leave the “sender” display blank, so that an email appears to come from “anonymous.” Software developer Tim Cotten discovered that Gmail’s user experience (UX) design allows the “from” field of an email to be forged by entering the intended person’s name together with a large, arbitrary tag, which results in the email being shown as from “anonymous” with a blank “from” field. Threat actors could take advantage of this anonymity in phishing attacks. Google has been notified of the problem but has yet to fix it.
Recommendation: Educate employees on the dangers of phishing emails and teach them how to detect malicious emails. Emails from anonymous sources should not be trusted.
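As an added illustration of the detection side of the recommendation above (example code written for this note, not from the article or from Google), the following Python checks the parsed `From:` header of a message for the symptoms the story describes: an address with no display name, a display name that carries markup, or a display name far larger than a human name. The length threshold and the sample headers are constructed for the example; real mail-filter thresholds should be tuned to local traffic.

```python
import re
from email.utils import parseaddr

# Constructed threshold: legitimate display names are rarely this long.
MAX_DISPLAY_NAME = 64

# Matches an HTML/XML-style tag such as <object ...> or <img ...> inside a display name.
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")


def check_from_header(raw_from):
    """Return a list of finding labels for a raw From: header value.

    An empty list means the header looks like an ordinary
    'Display Name <user@domain>' or bare address.
    """
    name, addr = parseaddr(raw_from)
    name = name.strip()
    findings = []

    if not addr or "@" not in addr:
        # No usable mailbox at all; the message cannot be attributed to a sender.
        findings.append("no-address")
    elif not name:
        # Address present but nothing a mail client would show as the sender name.
        findings.append("blank-display-name")

    if TAG_RE.search(name):
        # Markup has no place in a display name; rendering it can blank the sender.
        findings.append("markup-in-display-name")

    if len(name) > MAX_DISPLAY_NAME:
        findings.append("oversized-display-name")

    return findings


def triage_headers(headers):
    """Map each constructed From: header to its findings, skipping clean ones."""
    return {h: f for h in headers if (f := check_from_header(h))}


if __name__ == "__main__":
    # Constructed sample headers; none are taken from a real message.
    samples = [
        "Alice Example <alice@example.com>",
        "<alice@example.com>",
        '"Alice <object data=x>" <alice@example.com>',
        '"' + "A" * 80 + '" <alice@example.com>',
        "anonymous",
    ]
    for header, findings in triage_headers(samples).items():
        print(f"{findings}: {header[:60]}")
```

Because `parseaddr` honours RFC 5322 quoting, a display name that contains angle brackets is only parsed reliably when it is quoted, as in the third sample; an unquoted `<` in the name breaks address parsing in most mail libraries and is itself worth treating as suspicious.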