Most of us don’t give much thought to the “From” address field on our email, which is usually filled out by a mail program or web service. On the recipient’s side, security tools can check this address against the sending server to verify that the message is legitimate.
But an SMTP relay server between the server and the inbox will allow mail to go through, even if the addresses don’t match, which is why some marketing organizations can send mass mailings without being blocked.
And Gmail happens to have SMTP relay facilities, making it possible to send non-Gmail mail through Google servers. Researchers at Avanan have discovered that hackers are manipulating Google’s services, masquerading as reputable brands and sending thousands of emails, bypassing security tools and directly into users’ inboxes.
Hackers are exploiting a flaw in Google’s SMTP relay service to send phishing emails that are more likely to reach the inboxes of harassed people undisturbed. Avanan has observed a significant increase in the number of such attacks, with more than 27,000 such emails sent this way in just two weeks in April.
Google was informed of the vulnerability on April 23. To guard against attacks, security researchers recommend checking the sender’s address before interacting with any email, using an email security solution, using a variety of indicators to determine if a message is malicious, and always checking the email address before clicking on any link. Hover over it to see the target URL.
