As Google revamps Gmail with new features as part of its redesign, cyber security officials in the US claim that the email service could expose personal data of its users. ABC News, which obtained an intelligence note from the Department of Homeland Security (DHS), reported that Gmail’s ‘Confidential Email’ mode has vulnerabilities that could create phishing risks, and expose private information.
Gmail’s ‘Confidential Email’ feature requires that users receiving such an email click on a link to access the confidential message. According to the DHS alert, this will allow hackers a window into user’s emails, through the redesign of Gmail. DHS spokeswoman Lesley Fulop told ABC News, “We have reached out to Google to inform them of intelligence relevant to their services and to partner to improve our mutual interests in cybersecurity.” These links could be used by hackers to lure users into revealing sensitive personal information via ‘trustworthy’ emails, a phenomenon termed as phishing. The DHS intelligence note states that ‘malicious cyber actors’ could get an opportunity to conduct phishing, by mimicking the contents of an email message.
‘Confidential Email’ allows Gmail users to access content through a link, through which users can choose to prevent the forwarding, copying, downloading or printing of emails. Also, users can set an expiry date for confidential emails, to ensure limited validity, or revoke access to the same from the recipient, even after the email is sent. In addition, users can protect emails by asking the recipient to enter two-step authentication.
Gmail users should note that the redesigned email platform will continue to allow users to send ‘Confidential Emails’. On the other hand, users will receive such emails, only if they activate the ‘Confidential Emails’ feature. Also, this vulnerability will affect those users who operate Gmail via third-party services like Apple Mail and Outlook.