Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Google Communications Privacy Security

Does Gmail's New 'Confidential Mode' Make It Easier to Phish? (vortex.com) 82

Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to forward, copy, download or print messages.)

But Slashdot reader Lauren Weinstein warns that Google is also opening up a new vector for phishing emails: The problem arises since non-Gmail users cannot directly receive Gmail confidential mode messages. Instead...when a Gmail user wants to send a non-Gmail user such a message, the non-Gmail user is instead sent a link, that when clicked takes them to Google's servers where they can read the confidential mode message in their browser.

The potential risks for any service that operates in this way are obvious. Those of us working on Internet security and privacy have literally spent many years attempting to train users to avoid clicking on "to read the message, click here" links in emails that they receive. Criminals have simply become too adept at creating fraudulent emails that lead to phishing and malware sites.

This discussion has been archived. No new comments can be posted.

Does Gmail's New 'Confidential Mode' Make It Easier to Phish?

Comments Filter:
  • Okay Google... (Score:5, Insightful)

    by Desler ( 1608317 ) on Thursday May 10, 2018 @07:09PM (#56592056)

    And Google also claims they've removed the option to forward, copy, download or print messages.)

    So then you just print screen or take a picture of the email and then just transcribe it?

    • by Desler ( 1608317 )

      Also how can Google stop someone from doing these things if the recipient doesn’t use Gmail?

    • Re:Okay Google... (Score:4, Insightful)

      by kriston ( 7886 ) on Thursday May 10, 2018 @10:02PM (#56592826) Homepage Journal

      Yep. Like a marketing company that wanted to display product concepts in a way that the user could not save the image or print it.

      Print Screen aside, it didn't occur to them that the user could just take a photograph of the screen. This was before smart phones but after digital cameras and the Print Screen function (just hit PrtSc, open Paint, and Edit...Paste) had been there for at least a decade.

    • by eddeye ( 85134 )

      And Google also claims they've removed the option to forward, copy, download or print messages.)

      So then you just print screen or take a picture of the email and then just transcribe it?

      Better yet - stop using gmail altogether. It's my email and my web browser. I decide what data to copy / forward / download... not some prick with a sloppy javascript hack.

    • Also why is Google trying to re-invent PGP and S/MIME, badly ?

      These already work nicely for confidential information :
      only the person holding a private key for which a message was encrypted can every see the actual message.

      If an encrypted message ends up in the wrong hands, that mistaken destinary will NOT be able to open it anyway due not missing the private key.

      The only difference is that a *decrypted* message could be copied-and-pasted from and a user could end up repackaging the information in another

      • Your solution still works. They didn't break that.

        This works for those people who want some extra security without having to walk family that live across the country how to decrypt the email they just got from you

  • by war4peace ( 1628283 ) on Thursday May 10, 2018 @07:09PM (#56592060)

    "Those of us working on Internet security and privacy have literally spent many years attempting to train users to"

    So... tell me your success stories.

    • "Those of us working on Internet security and privacy have literally spent many years attempting to train users to"

      So... tell me your success stories.

      You have to admit, this is a hellava awesome attack vector. Just spoof a gmail confidential email - what ever could go wrong? Ima grab me some popcorn!

      • I quit trying to train lusers long ago. Too many corporate types training them to be insecure. Hiding extensions, active-x, hiding email addresses, link shortening, click link to install, auto-start. Idiot proofing forces the evolution of better idiots
        .

    • So... tell me your success stories.

      The Uni I work at warns people about phishing, and has an address to forward phishing attempts to to report them. Here's the success stories:

      1. Employees are required to fill out a timesheet once a month showing vacation, sick, etc days. This used to be paper. It is now a web form -- on a site external to the Uni but which requires a login using the Uni credentials. There are daily email reminders with a link to the site that start showing up on the first day of the month.

      2. The Uni purchasing people don'

      • by Anonymous Coward

        The "cloud" as a whole with corporate SSO integration is going to completely undo the years of hammering stuff not to do online and with email into peoples heads. I just recently started a job with a company that is somewhat in between the phase of a start up and "going corporate" Just about EVERYTHING they do is hosted in the cloud. It probably wouldn't take very much work to social engineer or click bait some corp login credentials out of these people.

        • by Anonymous Coward

          The way we do it is to have an internal domain where the resolver answers all subdomains directed at it with a CNAME, so timesheet.redirect.example.com points to redirect.example.com. On that address is a webserver where a simple Python script that checks the requested URL and host in an sqlite3 database. If found, it returns a 303 with the proper address, and if not found, returns a 404. That way, people only see internal addresses in emails and we can change the endpoint as the vendors demand without p

      • Wow. Why in the world was this post modded down? I'm really curious what made this post worth downmodding?

        I am starting to think that Slashdot should change their no posting on stories you moderate and replacing it with requiring a public post (anonymous) explaining the reason for the mod

    • by LQ ( 188043 )
      There are products like Mimecast's URL Protect that validate links and train users on link safety.
  • Yes. It'll make it incredibly simple to fish not only Gmail "users", but also people who receive email from Gmail "users". If this is implemented, I'll just set our mail servers to send all of these messages straight to the trash.
  • has to ad.
    So the service links have to stay deep in their free networks to ensure the encrypted ads get seen by consumers.
  • by BLToday ( 1777712 ) on Thursday May 10, 2018 @08:25PM (#56592428)

    Microsoft has had this service for awhile: confidential and expiring email. If you’ve done a loan or bought house in the last two years, you may have encountered it. Usually the loan or escrow company calls me ahead and tell me to expect it. So the best practice for these type of emails would be don’t click unless you’re expecting it.

  • This is at least the second " Slashdot reader Lauren Weinstein " story in as many days.

    Both have been some kind of speculative ... stuff.

    So, what's the deal? Why is she (or "she" - have you actually met her?) the new Jon Katz?

    • by Zocalo ( 252965 )
      He's a US blogger that spams every single post to his personal blog to the Slashdot submissions queue and then somehow manages to get it almost instantly upvoted to a red rating, presumbly as some kind of lame attempt at SEO and generating views. (Note that I'm assuming that the Slashdot config isn't so lame as to have the queue indexed due to the amount of spam that gets posted to it, presumably also for attempted SEO via backlink reasons). It's mostly opinion pieces, often misguided and/or misinformed,
  • by just another AC ( 2679463 ) on Thursday May 10, 2018 @09:32PM (#56592722)

    Everyone in the world should just use Gmail then. Duh!

    Cheers
    L. Page & S.Brin

  • by fahrbot-bot ( 874524 ) on Thursday May 10, 2018 @10:32PM (#56592966)

    How does this work if you use POP (or IMAP) to get your messages from Gmail using, say, Thunderbird? If I get a link, I imagine I'll either ignore confidential mode messages or send a reply asking the sender to not be a dick and try again.

    • by Zocalo ( 252965 )
      You get the link to the webpage, same as any other system that Google doesn't have 100% control over. You'll only get the original email through the GMail web interface, GMail App, or the click-through page. In otherwords this entire system hingles on the ability of Google to successfully block "Save As" functionality (e.g. an arms race with browser plugin authors that attempt to keep it enabled), convince people that it actually has value, and that mail admins won't simply start blocking the emails outri
    • by Moskit ( 32486 )

      "Legacy" POP3 and IMAP will eventually be disabled, as they don't offer full range of modern features to the minority of users. It will be likely justified by lack of security (2FA?).

  • This Confidential Mode "feature" seems problematic and/or just a way to force people to interact with your servers. It adds a non-standard operational mode to Email and will cause problems and security concerns (like the aforementioned Phishing concern) for people who use email clients, like Thunderbird, with POP / IMAP to access their email -- not everyone likes using a browser (or your mobile app) for email. Stop making things unnecessarily complicated. If you're committed to supporting this impending du

  • by fahrbot-bot ( 874524 ) on Thursday May 10, 2018 @11:03PM (#56593066)

    So Google will send non-Gmail users (and presumably Gmail users using POP/IMAP) an email containing a link to the actual confidential email. But the first rule in *every* spam and anti-phishing training course -- which people are routinely required to take at work (I know I was) -- is: Don't click on links in email messages. Nice going Google.

  • Google was until now collecting your phone number directly from you, if you had a Google account.

    Now if the sender wants to use "confidential" mode on email to you (apparently regardless if you have gmail or other account), he has to provide Google your phone number so that SMS passcode can be sent.

    Clever marketing people just bought a bunchload of useful private information input by "Mechanical Turks" paid with "security". As already pointed out many times here it is painfully easy to screenshot those

  • Google already detects phishing emails and will most likely detect any pretending to be one of its own. But I have news from the year 2018... I get emails with links ALL THE TIME: Amazon suggestions and offers, gift cards, social network notifications, security advisories, updates from services I'm a customer of, etc. So if you want to prevent users from clicking on links received by email you already lost that battle.

    ... and phishing with emails pretending to be from the bank, FedEx, a social network or M

  • Everyone should immediately delete the notifications, rather than worry about whether or not they're phishing attempts.

  • I don't click links - that's how all spam comes. We've spent years teaching people "don't click Links in email - even if it comes from a friend -- it might be phishing"

    Therefore - many people will look at these emails with suspicion and recall "don't click the link" -- thus turning this product feature into Allo. Did anyone click the SMS link when a friend sent you a message?! nope. Dead product.

    of course my personal demographic probably won't use this feature anyhow. As Mark Z (sort-of) said, "If you

  • The only question in my mind was which crimes did Google intend to make easier to hide with this new feature. My guess is it was intended to make corporate crimes easier to hide, and that making phishing easier was just a side effect.

A physicist is an atom's way of knowing about atoms. -- George Wald

Working...