New Gmail warning<\/p>\n
NurPhoto via Getty Images<\/p>\n
Just days after Google confirmed it is bringing its next AI upgrade to Gmail, with major privacy implications<\/a>, there\u2019s more good and bad news for the 3 billion users relying on Google to deliver secure, spam-free email to their phones and computers. It turns out that a dangerous email attack has operated under the radar for years \u2014 until now.<\/p>\n First to the good news. Google\u2019s tightening restrictions on the mass delivery of spam emails to your inbox is working and it\u2019s having a devastating impact on the industry spawned to plague you with marketing messages. \u201cOver the last year,\u201d website MarTech<\/a> says the industry has seen \u201cengagement rates (open and click rates, especially) drop considerably. Their emails only show up in the inboxes of people already engaging with the brand. For most subscribers, the emails are getting flagged as spam.\u201d<\/p>\n ForbesNSA Warning\u2014Change Your iPhone, Android Message SettingsBy Zak Doffman<\/a><\/p>\n This is having the desired effect, albeit \u201cfor many of these brands, this is the first time they have encountered this issue [and] for brands with a recent history of combatting spam labels, normal mitigation practices have either been unsuccessful or only effective in the short term.\u201d Bad for brands and marketeers, good for email users.<\/p>\n Be warned, though, the industry is shaping new advice to bypass the new measures. \u201cEmail deliverability is more of an art than a science,\u201d says Martech. \u201cEnsure your team maintains an open dialogue about strategies to stay out of the spam folder, and test initiatives that have proven effective for similar brands.\u201d And it comes with a list of new tricks and techniques.<\/p>\n Apple\u2019s own spam crackdown has had the same effect, but the Gmail impact is much greater. According to Statista<\/a>, \u201cGmail and related e-mail addresses given out by Google positively dominate the U.S. market,\u201d this despite the latest privacy warnings, with its new AI upgrade leaving \u201cmany users feeling anxious and appalled at the thought that a generative AI would be reading their personal emails.\u201d<\/p>\n For its part, when asked about the new AI upgrade Google told me \u201cour priority is respecting our users\u2019 privacy while giving them choice and control over their data. To that end, this particular tool is one of the ‘smart features\u2019 that users can control in their personalization settings.\u201d You can read more about those privacy settings<\/a>.<\/p>\n Gmail versus the rest<\/p>\n Statista<\/p>\n But Gmail (and other) security restrictions are not bulletproof \u2014 far from it. Infloblox<\/a> warns it \u201crecently discovered a DNS technique used to tailor content to victims.\u201d This works by way of a \u201cphishing kit that creatively employs DNS mail exchange (MX) records to dynamically serve fake, tailored, login pages, spoofing over 100 brands.\u201d The attacks evade detection by exploiting the DNS over HTTPS (DoH) upgrade, and also a raft of mass emailing spam techniques.<\/p>\n According to the research team, \u201cmost of the hyperlinks in the spam emails use domains related to compromised WordPress websites, URL shorteners, or free web hosting.\u201d This includes \u201cabusing legitimate adtech infrastructure to generate redirect links to the phishing webpages. They also exploit open redirect vulnerabilities on DoubleClick, an advertising network owned by Google.\u201d<\/p>\n As Bleeping Computer<\/a> explains, the operation dubbed Morphing Meerkat \u201ccan impersonate more than 114 email and service providers, including Gmail, Outlook, Yahoo, DHL, Maersk, and RakBank, delivering messages with subject lines crafted to prompt urgent action like \u2018Action Required: Account Deactivation\u2019.\u201d<\/p>\n One devious twist in these attacks is that after serving malicious email login pages to steal credentials, an attack then redirects to real email login pages to avoid suspicion and leave a user thinking they had mistyped their credentials. The days of passwords for account access must now come to an end. While two-factor authentication (2FA) helps, in its simplest forms it is vulnerable. All Gmail users should setup passkeys and ensure the strongest form of 2FA is is in place for passwords left in place as a backup.<\/p>\n