One of the most intriguing features in the 2018 update of Google’s Gmail service was confidentiality mode. While it might improve the security of email contents for some users though, the Department of Homeland Security (DHS) is concerned that it could lead to more users than ever before being caught out by phishing scams.
Confidentiality mode works by not sending the actual contents of an email, but sending an email with a link to said content and requiring a password to access. The idea is that users can protect the data they’re trying to communicate with someone on the other end. While that sounds fine in theory, in practice it means clicking on links within emails, which any security expert will tell you is fraught with danger and it’s where phishing hackers make the bulk of their attacks.
A couple of months on from Google’s early rollout of confidentiality mode and other new features, the DHS has been in contact with the tech giant to try and work on a solution to the problem. Google’s response, according to ABCNews, has been to say that it believes no additional security risks have been created with the implementation of the new feature.
That may well be the case for Gmail users, who experience a typical email scenario when receiving confidential emails. However, should that email be sent to someone outside of the Google sphere of influence, a placeholder message and link to the original content is provided instead. According to the DHS, that “presents an opportunity for malicious cyber actors to mimic the email message and phish unwary users.”
Google claims that it has a stellar track record in blocking phishing attempts, suggesting that as many as 99.9 percent of all attempts are caught out by its machine learning and image scanning technologies. However, the potential threat with confidentiality mode isn’t in phishing attacks targeting Gmail users, but in going after those outside of Google’s services. By sending links in emails, Google could be setting a precedent that makes people less wary of unsolicited emails containing links that they need to click.
Keeping away from email links is just one of the many top tips for staying safe online.