Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations
Make a sustaining gift today to support local journalism!

Manchester resident finds phishing vulnerability in Gmail update

 Multiple blue wires plug into a machine.
jdurham
/
Morguefile

A New Hampshire resident recently caught a security bug on a Google email platform used by more than a billion people — and the company now lists the vulnerability as a top priority fix.

Cybersecurity architect Chris Plummer, who lives in Manchester, said he received a Gmail message last week that appeared to come from a verified sender, but it seemed suspicious.

“The body of the message really had nothing in it,” Plummer said. “But what it did have was a UPS logo that had been applied by Google to the message.”

The email also had a verification mark on it, as part of a new feature to label email senders checked by Google. Plummer said it seemed more serious than a typical piece of junk mail.

“I knew this was almost certainly a bug in Gmail,” he said. “This had the possibility to allow complete strangers to impersonate a major brand like UPS and convince Google that the message was authentic.”

Plummer reported the glitch to Google. At first, he said, the company dismissed his complaint. But Plummer also shared his findings on Twitter — and after his post gained traction, the company revisited the bug.

“Google completely changed their mind, which was unbelievable,” he said. “In fact, I had a personal outreach from someone who worked at Google and said, ‘Listen, we’re really sorry about this, we got it wrong.’”

Plummer said he hopes this story brings attention to how even big platforms can be vulnerable to email scams.

Related Content

You make NHPR possible.

NHPR is nonprofit and independent. We rely on readers like you to support the local, national, and international coverage on this website. Your support makes this news available to everyone.

Give today. A monthly donation of $5 makes a real difference.