Gmail’s New ‘Confidential Mode’ - A New Route to Phishing: Homeland Security
Google’s email service, Gmail, has recently unveiled new features on the web. While many of them sound promising, what ‘Confidential Mode’ offers its users remains controversial.
The Department of Homeland Security (DHS) issued an alert last Saturday about a potential emerging threat from Gmail’s new ‘Confidential Mode’. It also informed Google about vulnerabilities that could create phishing risks and reveal users’ sensitive personal information.
What is Gmail’s new ‘Confidential Mode’?
The new ‘Confidential Mode’ is said to give users some assurance of privacy and security: senders can add an expiration date to emails, from one day to five years or any of several durations in between, and can optionally require an SMS passcode as an added layer of security before the email can be viewed.
If the sender opts for the SMS passcode, he/she will be prompted for the recipient’s phone number. The latter will receive a passcode which remains valid for five minutes. The recipient cannot forward, download, copy, paste or print the message.
Once the date arrives, the email self-destructs and is no longer viewable by the recipient. Emails sent using confidential mode can be revoked by the sender at any time, regardless of the expiration date. Unfortunately, each of these “security” features comes with serious security problems for users!
Is ‘Confidential Mode’ really confidential? Why is it at the center of security fears?
When a Gmail user accesses the official Google mail website, the ‘Confidential Message’ appears when the user clicks to open it. The mail shows the expiration date of the content and informs the recipient that the message cannot be downloaded or forwarded.
However, users who access Gmail via third-party services (like Apple Mail, Outlook, etc.) are more exposed to the vulnerability. In this case the recipient of a ‘Confidential Email’ has to click a link in order to access the content, which DHS and US officials see as a great threat to 1.4 billion Gmail users.
According to DHS, hackers can use such links to lure users into revealing sensitive personal information via ‘trustworthy’ emails, increasing the risk of phishing.
What did DHS say?
According to the Department of Homeland Security (DHS), the new 'Confidential Mode' feature in Google’s email service, Gmail, is an entirely new route for phishing attacks.
The tool could make it easier for cybercriminals to pretend to be someone else, in order to gain access to users' personal information. They can send out mass-scam messages containing fraudulent versions of these confidential links.
The department issued a warning on potential emerging threats with the Gmail redesign. A DHS official further reached out to Google to inform it about the vulnerabilities and offered to partner with the search firm to help improve the feature.
Phishing attacks steal sensitive information, including passwords, contact details, credit card and payment information, by tricking users into handing over their information. This can lead to identity theft.