The new encrypted messaging feature of Gmail opens a door for fraud

Google announced at the beginning of April that it launches a simplified tool that allows business users to easily send Email messages “encrypted from end to end”– An effort to address the old challenge of adding additional safety protection to emails. The feature is currently in the experimental version of the institution’s users for its experience within their institution. It will then expand to allow Google users to send encrypted email messages to a tip to any Gmail user. By the end of the year, the feature will allow users of the work space to send the safest emails to any mailbox. Nevertheless, researchers via email and digital fragrance warn that although the feature will provide a new option for e -mail and safety privacy, it will inevitably move on new hunting attacks.

Effectiveness to one side is the protection of keeping the data whipped at all times except for the sender and recipient devices, and it is difficult to in addition to the historical email protocol. The mechanisms of doing this are usually very complex and expensive for implementation, and they have no meaning except for large organizations trying to meet the specific compliance requirements. In contrast, Google’s encrypted email tool is easy to use and does not require it significantly. Nevertheless, the scenario in which digital fraud researchers feel more anxious, in relation to the condition in which the work space user sends an e -mail from the end to the end to a non -Gmail user.

“When the recipient is not from a Gmail user, Gmail sends them an invitation to display E2e in a restricted version of Gmail,” Google wrote in a blog post. “The recipient can then use the Google Google business account to display it safely and respond to the email.”

Fear is that the fraudsters will benefit from the new communication mechanism and safety by creating false copies of these invitations that contain harmful links, and quick goals to enter their login accreditation data on their email, individual login services, or other accounts.

“Given the implementation of Google, we can see that it provides a new workflow for users without Gmail-which leads to receiving a link for an email.” “Users may not be exactly aware of what the legitimate invitation looks like, making them more likely to click on a fake one.”

Looking at the technical mail technical restrictions, Google created a way to automatically manage the Foundation’s work – uses encrypted messages. The main management is what makes the email to comprehensive encryption very difficult, so providing an easy solution to customers is a departure from what is currently available. The fact that the organization’s work space controls the keys instead of storing it locally on the recipient’s sender and devices means that the feature It does not completely qualify as an encryption from one side to the tip In a strict sense of the term. But researchers say that for use cases such as compliance with business, the tool can remain very useful. And individuals who want to use encrypted contacts from a run A application designed for this purpose such as signal.

When Gmail users receive one of the new encrypted email messages from the Google Working Space user, the wide Google group of dynamic random mail filters and fraud detection mechanisms will be playing to protect from unwanted messages, and rusty artillery, widely. But Google’s e -mail email will also be able to receive encrypted email invitations, making the service available to anyone, but will also leave non -floors users for their own devices.