Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday July 25 2020, @10:10AM   Printer-friendly
from the how-is-your-dmarc-coming? dept.

Google will use authenticated logos to reduce Gmail phishing:

Google will trial a new security feature in Gmail that shows a brand's logo as an avatar to help you know an email is genuine, the company has announced. The functionality uses the Brand Indicators for Message Identification (BIMI) standard, whose working group Google joined last year, and will be tested with a limited number of senders in the coming weeks.

According to Google, authentication with BIMI can make recipients more confident about the source of an email, which scammers try and obscure to get people to click on malicious links and/or give up their personal details in a phishing attack. Google will use BIMI in conjunction with another technology, DMARC, which tries to stop scammers from forging the "from" address of an email to pretend it's coming from a legitimate source.

As Engadget notes, the technology is similar to verified badges social networks use for official celebrity and brand accounts. Google says it's using two Certification Authorities to validate who owns any particular logo: Entrust Datacard and DigiCert. Google expects to make BIMI more widely available for brands to use in the coming months.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday July 25 2020, @01:48PM (3 children)

    by Anonymous Coward on Saturday July 25 2020, @01:48PM (#1026154)

    > adds another level of the scamming

    That was my thought too. Escalation usually doesn't end conflict...but in this case I'm not sure what would be better. We can always wish for some way to locate the scammers and nuke from orbit, but there are so many more scammers that will pop up elsewhere.

  • (Score: 2, Insightful) by Anonymous Coward on Saturday July 25 2020, @02:27PM

    by Anonymous Coward on Saturday July 25 2020, @02:27PM (#1026165)

    That's likely the case, the only thing that is likely to actually end this, is if people were to stop being so stupid about what they click on. If people would stop falling for this stuff, the profits would dry up to the point where there's little point in trying such scams. But, just like with spam, enough dumb asses keep clicking that it continues.

  • (Score: 1) by gmby on Saturday July 25 2020, @02:33PM (1 child)

    by gmby (83) on Saturday July 25 2020, @02:33PM (#1026166)

    Agree....
    Instead of "Wack-a-Mole" we need Wack a Scammer!
    Big sticks made of printouts of the SPAM they send out. So the more they send the bigger the stick!
    I'll wait in line for my turn.

    Oh and put a quarter slot on it too; to pay for the blood cleanup of course.

    --
    Bye /. and thanks for all the fish.
    • (Score: 0) by Anonymous Coward on Saturday July 25 2020, @11:06PM

      by Anonymous Coward on Saturday July 25 2020, @11:06PM (#1026332)

      Or really, spank-a-banker, they're ultimately the ones that are enabling it. Changing the system so that the party sending the money has to actually send the money rather than allowing other institutions to request money would make a huge difference in terms of how likely people are to get scammed. Or, at bare minimum when a bank or other party requests money be transferred, there should be some sort of a positive verification required of that.

      Doing that would likely cut down a ton on these sorts of things. Of course, in the US, we won't get that because it would require bankers to get off their lazy asses and do something positive for society, so it's not happening any time soon.