posted by Fnord666 on Saturday July 25 2020, @10:10AM
from the how-is-your-dmarc-coming? dept.

Google will use authenticated logos to reduce Gmail phishing:

Google will trial a new security feature in Gmail that shows a brand's logo as an avatar to help you know an email is genuine, the company has announced. The functionality uses the Brand Indicators for Message Identification (BIMI) standard, whose working group Google joined last year, and will be tested with a limited number of senders in the coming weeks.

According to Google, authentication with BIMI can make recipients more confident about the source of an email, which scammers try and obscure to get people to click on malicious links and/or give up their personal details in a phishing attack. Google will use BIMI in conjunction with another technology, DMARC, which tries to stop scammers from forging the "from" address of an email to pretend it's coming from a legitimate source.

As Engadget notes, the technology is similar to verified badges social networks use for official celebrity and brand accounts. Google says it's using two Certification Authorities to validate who owns any particular logo: Entrust Datacard and DigiCert. Google expects to make BIMI more widely available for brands to use in the coming months.
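How the BIMI and DMARC pairing described above looks in a sender's DNS records, as an added example that is not from the article or from Google: the tag names and the enforcement rules follow the public BIMI and DMARC specifications, while the sample records, `example.com`, the function names and the `require_certificate` switch are constructed for illustration. It checks only what a domain publishes; a receiver still requires each individual message to pass DMARC before showing a logo.

```python
# Constructed sample TXT records (DMARC, BIMI); example.com is a placeholder.
SAMPLES = {
    "enforcing": ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                  "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"),
    "monitor-only": ("v=DMARC1; p=none",
                     "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"),
    "partial": ("v=DMARC1; p=quarantine; pct=50",
                "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"),
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict of lowercase tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def bimi_eligible(dmarc_txt, bimi_txt, require_certificate=True):
    """Return (eligible, reason) for a domain's published DMARC and BIMI records.

    require_certificate is an assumption modelling a receiver that only shows
    logos whose ownership a Certification Authority has validated (a= tag).
    """
    dmarc = parse_tags(dmarc_txt)
    bimi = parse_tags(bimi_txt)
    if dmarc.get("v") != "DMARC1":
        return False, "no valid DMARC record"
    policy = dmarc.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return False, "DMARC policy is not enforcing"
    if policy == "quarantine" and dmarc.get("pct", "100") != "100":
        return False, "quarantine applies to only part of the mail"
    if dmarc.get("sp", policy).lower() == "none":
        return False, "subdomain policy is none"
    if bimi.get("v") != "BIMI1":
        return False, "no valid BIMI record"
    if not bimi.get("l", "").lower().startswith("https://"):
        return False, "logo location missing or not HTTPS"
    if require_certificate and not bimi.get("a"):
        return False, "no certificate published for the logo"
    return True, "ok"


if __name__ == "__main__":
    for name, (dmarc_txt, bimi_txt) in SAMPLES.items():
        print(name, bimi_eligible(dmarc_txt, bimi_txt))
```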


  • (Score: 5, Insightful) by MostCynical on Saturday July 25 2020, @10:50AM (8 children)

    by MostCynical (2589) on Saturday July 25 2020, @10:50AM (#1026128) Journal

    There is no need for HTML, links, buttons, forms, or anything but text in an email.

    Send a message, don't make people click to go to your website.

    These 'secure'/identity-management-secure companies even fucked up phone calls - "Hello, this is your bank, could you please prove you're you?"

    No one should be surprised email is broken.

    Email really shouldn't have attachments, either, but dumb attachments could be okay - if MS hadn't screwed things and exe files couldn't hide in things pretending to be '.doc' or '.ppt'

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 5, Interesting) by cockroach on Saturday July 25 2020, @11:16AM (6 children)

    by cockroach (2266) on Saturday July 25 2020, @11:16AM (#1026131)

    I don't think this is using attachments. If I understood it correctly, it works via DNS -- you basically add your image to DNS and if your SPF etc. records are correct, they will show your logo.

    The whole thing does sound a bit like "pay us to have your messages more visible in gmail" to me though...

    • (Score: 2) by looorg on Saturday July 25 2020, @01:36PM (5 children)

      by looorg (578) on Saturday July 25 2020, @01:36PM (#1026147)

      So it just adds another level of the scamming then, first you take over some unprotected mail server of (company) and then you start sending out spam via it and the logo will appear? or?

      • (Score: 0) by Anonymous Coward on Saturday July 25 2020, @01:48PM (3 children)

        by Anonymous Coward on Saturday July 25 2020, @01:48PM (#1026154)

        > adds another level of the scamming

        That was my thought too. Escalation usually doesn't end conflict...but in this case I'm not sure what would be better. We can always wish for some way to locate the scammers and nuke from orbit, but there are so many more scammers that will pop up elsewhere.

        • (Score: 2, Insightful) by Anonymous Coward on Saturday July 25 2020, @02:27PM

          by Anonymous Coward on Saturday July 25 2020, @02:27PM (#1026165)

          That's likely the case, the only thing that is likely to actually end this, is if people were to stop being so stupid about what they click on. If people would stop falling for this stuff, the profits would dry up to the point where there's little point in trying such scams. But, just like with spam, enough dumb asses keep clicking that it continues.

        • (Score: 1) by gmby on Saturday July 25 2020, @02:33PM (1 child)

          by gmby (83) on Saturday July 25 2020, @02:33PM (#1026166)

          Agree....
          Instead of "Wack-a-Mole" we need Wack a Scammer!
          Big sticks made of printouts of the SPAM they send out. So the more they send the bigger the stick!
          I'll wait in line for my turn.

          Oh and put a quarter slot on it too; to pay for the blood cleanup of course.

          --
          Bye /. and thanks for all the fish.
          • (Score: 0) by Anonymous Coward on Saturday July 25 2020, @11:06PM

            by Anonymous Coward on Saturday July 25 2020, @11:06PM (#1026332)

            Or really, spank-a-banker, they're ultimately the ones that are enabling it. Changing the system so that the party sending the money has to actually send the money rather than allowing other institutions to request money would make a huge difference in terms of how likely people are to get scammed. Or, at bare minimum when a bank or other party requests money be transferred, there should be some sort of a positive verification required of that.

            Doing that would likely cut down a ton on these sorts of things. Of course, in the US, we won't get that because it would require bankers to get off their lazy asses and do something positive for society, so it's not happening any time soon.

      • (Score: 1, Insightful) by Anonymous Coward on Sunday July 26 2020, @01:57AM

        by Anonymous Coward on Sunday July 26 2020, @01:57AM (#1026399)

        [accent]Hello, this is 'Steven' from Google Support. Sir, as you can see, our genuine logo is on that email that we (hacked) sent to you....[/accent]

  • (Score: -1, Offtopic) by Anonymous Coward on Saturday July 25 2020, @04:49PM

    by Anonymous Coward on Saturday July 25 2020, @04:49PM (#1026187)

    Nothing for you to see here. Please move along.
