Most of us don’t think too much about the ‘From’ address field on our emails; it’s filled in by our mail program or web service. At the recipient’s end, security tools can check it against the sending server to verify that the mail is legitimate.
But hold on a second: an SMTP relay server sitting between the sending server and the inbox allows messages through even though the addresses don’t match. This is how organizations send out mass mailings without them getting blocked.
Gmail has this facility, making it possible to route outgoing non-Gmail messages through Google servers. But researchers at Avanan have discovered that hackers are manipulating Google’s service to spoof reputable brands and send out thousands of emails that bypass security tools and land directly inside users’ inboxes.
The hackers are taking advantage of a flaw in Google’s SMTP Relay service to send out phishing emails that are more likely to arrive unmolested in inboxes. Avanan has seen a massive increase in attacks, with over 27,000 of these emails in just two weeks of April.
Google was notified of the flaw on April 23rd. In the meantime, to guard against attacks it’s recommended to check the sender address before interacting with any email, to use an email security solution that draws on multiple indicators to determine whether a message is malicious, and always to hover over any links to see the destination URL before clicking on them.
A spokesperson for Google says, “We have built-in protections to stop this type of attack. This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue.”
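The mismatch described at the top of the article, and the reason Google points at DMARC, comes down to identifier alignment: a relay can legitimately pass SPF and DKIM for its own domain, but DMARC only counts those results if the authenticated domain lines up with the domain in the visible From: header. The following is an added illustration written for this page, not code from the article, Avanan or Google. It uses constructed sample headers, approximates the organizational domain as the last two labels (real DMARC uses the Public Suffix List), and trusts the Authentication-Results header as given; in production that header must come from your own receiving MX and be verified, not merely present.

```python
"""Illustrate DMARC identifier alignment: a message relayed with a mismatched
From: domain fails DMARC even when SPF/DKIM pass for the relay's own domain."""
import re
from email import message_from_bytes
from email.utils import parseaddr

# Constructed sample (not from the article): the relay authenticates as
# relay-customer.example, but the visible From: claims brand.example.
SPOOFED_MSG = b"""\
Return-Path: <bounce@relay-customer.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=relay-customer.example; dkim=pass header.d=relay-customer.example
From: "Trusted Brand" <security@brand.example>
To: user@example.net
Subject: Action required

Please review your account.
"""

# Constructed sample: a legitimate bulk sender using a subdomain of the brand.
ALIGNED_MSG = b"""\
Return-Path: <bounce@mail.brand.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail.brand.example; dkim=pass header.d=brand.example
From: "Trusted Brand" <security@brand.example>
To: user@example.net
Subject: Monthly statement

Your statement is ready.
"""


def parse_dmarc_record(record: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; aspf=s') into tag/value pairs.
    Defaults follow RFC 7489: relaxed alignment and policy 'none' when absent."""
    tags = {"adkim": "r", "aspf": "r", "p": "none"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.
    Assumption for this example only; real DMARC consults the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same org domain."""
    auth, frm = auth_domain.lower(), from_domain.lower()
    return auth == frm if mode == "s" else org_domain(auth) == org_domain(frm)


def auth_results(msg) -> dict:
    """Extract SPF/DKIM verdicts and the domains they were evaluated against
    from the Authentication-Results header (assumed trustworthy here)."""
    hdr = str(msg.get("Authentication-Results", ""))
    out = {}
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=([^\s;]+)", hdr)
    if spf:
        out["spf"] = (spf.group(1), spf.group(2).split("@")[-1])
    dkim = re.search(r"dkim=(\w+)\s+header\.d=([^\s;]+)", hdr)
    if dkim:
        out["dkim"] = (dkim.group(1), dkim.group(2))
    return out


def evaluate_dmarc(raw: bytes, dmarc_record: str) -> dict:
    """Return alignment results and the disposition the From: domain's policy implies."""
    msg = message_from_bytes(raw)
    tags = parse_dmarc_record(dmarc_record)
    from_domain = parseaddr(str(msg.get("From", "")))[1].split("@")[-1]
    res = auth_results(msg)
    spf, dkim = res.get("spf"), res.get("dkim")
    # DMARC passes if at least one authenticated identifier is aligned with From:.
    spf_aligned = bool(spf and spf[0] == "pass" and is_aligned(spf[1], from_domain, tags["aspf"]))
    dkim_aligned = bool(dkim and dkim[0] == "pass" and is_aligned(dkim[1], from_domain, tags["adkim"]))
    dmarc_pass = spf_aligned or dkim_aligned
    if dmarc_pass:
        disposition = "deliver"
    else:
        disposition = {"reject": "reject", "quarantine": "quarantine"}.get(tags["p"], "deliver")
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": dmarc_pass,
        "disposition": disposition,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed via relay", SPOOFED_MSG), ("aligned sender", ALIGNED_MSG)):
        print(label, evaluate_dmarc(raw, "v=DMARC1; p=reject; adkim=s; aspf=r"))
```

Running it shows the point in the article: both messages carry spf=pass and dkim=pass, yet only the second one passes DMARC, because the first authenticates a domain unrelated to the brand in the From: header. With p=reject published by the brand, the relayed spoof is rejected; with p=none (still the default for many domains) it is delivered, which is why the attack works against recipients that do not enforce DMARC.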