The feature of the new Gmail encrypted messages open in for fraud

Google announced in early April that it is launching a simple tool that allows business users to easily send “end-to-end” emails-trying to address the long-standing challenge to add additional security protection to email messages. This feature is currently in beta for organizational users in their organization. It then expands to allow Google workspace users to send end -to -end emails to each Gmail user. At the end of the year, this feature allows users to send safer emails to each inbox. Researchers warn email fraud and digital fraud, although this feature provides a new option for privacy and email security, but it also creates new phishing attacks.

End -to -end encryption is protection that opens data at all times except in transmitter and receiver devices and it is difficult to add to the historic email protocol. The mechanisms of doing this are typically very complex and costly to execute it and only mean large organizations that try to meet specific requirements. On the contrary, the encrypted email tool finish to the end of Google is easy to use and does not require significant overhead. The scenario that digital fraud researchers are more concerned about is that a user sends a final encrypted workspace to the end to a non -Gmail user.

Google wrote in a blog post: “When the recipient is not a Gmail user, Gmail invites them to see E2ee email in the limited version of Gmail.” “The recipient can then use a Google Google Google account to view safe and respond to email.”

The fear is that the fraudsters use this new and safer communication mechanism by creating fake versions of these invitations that contain malicious links and enter their goals to log in to their email login for email, single login services or other accounts.

“Looking at Google’s execution, we can see a new workflow for non-Gmail users-a pursuit of an email,” says Jérôme Segura “Users may still not be familiar with exactly what a legitimate invitation looks like, and makes them prone to clicking on a fake.”

Due to the technical limitations of the email, Google created a way for an organization’s workspace to automatically manage keys – used for Descramble encrypted messages. Key management is what makes the final encryption email finish, so providing a solution that is easy for customers is departing from what is currently available. The fact that the organization’s workspace controls the keys rather than local storage in transmitter and receiver devices, which means that this feature is not fully eligible for end -to -end encryption. But the researchers say that for things like business adaptation, this tool can still be very useful. And people who want to finish encrypted communications just need to use a built -in application such as a signal.

When Gmail users receive one of the new encrypted emails from a Google workspace user, a wide range of dynamic spam filters and Google fraud detection mechanisms will be widely played to protect against spam, phishing and rogue irritants. But email users outside the Google ecosystem will also be able to receive encrypted email invitations, which make it available to anyone, but also throws non -Google users to their devices.