Spammers Penetrate Gmail Spam Filters

I've discussed this in the past, but there are serious security issues with GMail, namely that the email forwarding ability allows spammers to redirect directly into a users inbox. The trick pretty much works best for Gmail accounts, whereby Google puts less scrutiny on emails sent within it's system compared to those sent by third-party email services like hotmail/live, yahoo etc.

Here's how it works:

Using Gmail to Bypass Spam Filters

  1. Spammer creates a new gmail account with a random, but credible looking name.

  2. Spammer whitelists their spam address in the account - so that their messages will always go to the inbox.

  3. The spammer then uses GMail's email forwarding setting to forward all emails to a target's address. This means all messages sent to the spam email will be forwarded off to the victim's address.

  4. Spammer does this for all their spam targets (mass-creates 1 gmail account for each victim).
  5. Spammer than sends their spam emails out to all the gmail addresses they created, which then gets forwarded off to the targets address.

What Happens?

Basically, the spammer gets a list of Gmail users to spam, and then mass-creates gmail accounts that will auto-forward all emails to users on the list. The spammer then sends their spam emails to the gmail accounts, which forward off the email and bypass the spam filter all together. The victim gets the spam message delivered straight to their inbox, because Google thinks that they forwarded the email to themselves and because its all handled within Google's own platform, there's less scrutiny put on it.

How Can Google Fix This?

Simple! Google should make users confirm the email address they wish to forward emails to, as it will ensure that you can only auto-forward emails to an account you own or control.

Comments

Post a Comment

Popular posts from this blog

Free Seedbox - Download Torrents without Using Your Bandwidth

Image
Continuing in a summer of free stuff, you can get a free seedbox for a limited time. What Are Torrents? If you're not familiar, torrents are a way to share and distribute files without requiring the file to be hosted somewhere. Torrents decentralize the sharing of files by ensuring that files are spread out across a number of computers. This means that if a server goes down, the file can still be downloaded because other users are seamlessly downloading and sharing it with others. What is a Seedbox? A seedbox lets you download torrents remotely, meaning that a remote server downloads the file using bittorrent, and you can easily download it directly from the server once the file is complete. Seedboxes help you: save bandwidth - since you're not uploading the files to others download files faster - since the server has dedicated speeds avoid censorship - some ISPs will throttle your connection to slow down torrent downloads simply computing - you can turn off your
Read more

Free $1 to Amazon MP3 Credit for Download a Free Application

Image
For a limited time (February 23, 2015 - December 31, 2015), Amazon is offering $1 free MP3 credit if you download one of a few applications. The trick here is that they offer a bunch of free apps, among some paid apps. Simply choose one of the free apps (Pandora, TuneIn Radio, Vevo, Shazam, Soundcloud, etc.) and get your free $1 MP3 credit. There's no payment needed and you don't even have to download the app! Here's the steps needed: Create an Amazon account if you don't already have one Access the special free mp3 credit landing page Select one of the free apps (or buy an app if you really want), here's a few of the popular free ones (Pandora, Fruit Ninja, Shazam, Pandora and Temple Run 2) Click on one: If you're logged-in, you'll see a 'buy' button and the price is $0.00 - click the button and you should get your credit within a matter of minutes. You must redeem your free MP3 credit by January 31, 2016 .   It's basically go
Read more

ZShare Closes and Shuts Down

Image
It appears that one of the last major video and file sharing services, ZShare, has closed down in light of increased pressure over copyright and piracy allegations. The site best known for allowing video streaming of TV shows and other assorted clips, and also allowing users to download the files through a Rapidshare type service, has been inaccessible for approximately three weeks with no sign of coming back online. Many within the community have started turning to alternative hosting services, but no official word has been released from anti-piracy organizations on whether this was part of a targeted attack against the file hosting service. With the recent lawsuits and claims takedown of MegaUpload, numerous file hosts have taken action - with some (FileSonic and FileServe) even taking measures to close down their services in advance of any lawsuits. Of the services that have limited the ability for users to share files with others, few believe that the tactic of laying low will wor
Read more