Impersonating another person or business is one of the most popular ways to carry out malicious email attacks today. An email asking to reset a certain service's password is enough for many people to fall for it and hand their credentials to third parties. Google (and other email providers) plan to put an end to this by verifying professional accounts.
As Google announced at its Cloud Next ’20: On Air virtual event, it is preparing to support BIMI in Gmail. With it, verified brands that send emails will have their brand logo shown in the avatar space in the upper left corner of messages. It is a visual way to confirm to the user that the email really does come from that brand.
The system works much like verified accounts on social networks such as Twitter. Only in this case there is no blue check, and the steps to obtain verification are much more complex and stringent. Google says the company's logo will appear in the Gmail web client and the official mobile apps. They also want to do something similar in texting.
Example of what a verified brand will look like in Gmail. Via Google.
They hope to be able to implement it in the coming months, although they did not give an exact date for this. With this system in place (and if large companies audit their accounts), the chances of being deceived by phishing are considerably reduced. Few things are more effective than a visual confirmation that an email comes from a real entity.
BIMI, the messaging standard behind this new functionality
Here, Google did not reinvent the wheel. What it is doing is implementing BIMI, an independent image identification system in which other providers also participate. Currently, as the service's official website shows, other providers such as Fastmail, LinkedIn or Verizon (Aol and Yahoo!) have also joined.
Current email providers who support or will support BIMI. Via BIMI.
In order to verify a BIMI email account, it is necessary to pass a series of tests that demonstrate the authenticity of the party requesting it. They indicate that they rely on DMARC protection for this. With it, they make sure that the domain of the organization asking to be verified has not been impersonated.
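The DMARC dependency mentioned above can be checked from a domain's DNS records. The following is an added example, not code from Google, the BIMI group or the original article, and it goes beyond the text: it assumes the published BIMI convention of an enforcing DMARC policy (`p=quarantine` or `p=reject`) and a TXT record under `default._bimi`. The sample records and function names are constructed for illustration.

```python
# Added example: offline readiness check on constructed DNS TXT records.

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict of tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_problems(dmarc_txt):
    """List the reasons a DMARC record is too weak for a logo to be shown."""
    tags = parse_tags(dmarc_txt)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    problems = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        problems.append(f"p={policy or 'missing'} is not an enforcing policy")
    if tags.get("sp", "").lower() == "none":
        problems.append("sp=none leaves subdomains unenforced")
    if tags.get("pct", "100") != "100":
        problems.append("pct below 100 enforces the policy on only part of the mail")
    return problems

def bimi_problems(bimi_txt):
    """List the problems in a BIMI assertion record (TXT at default._bimi)."""
    tags = parse_tags(bimi_txt)
    if tags.get("v") != "BIMI1":
        return ["not a BIMI record"]
    problems = []
    if not tags.get("l", "").lower().startswith("https://"):
        problems.append("l= must be an HTTPS URL pointing to the logo")
    if not tags.get("a", "").lower().startswith("https://"):
        problems.append("a= has no HTTPS evidence URL for a verified mark certificate")
    return problems

# Constructed sample records for the placeholder domain example.com.
SAMPLE_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
SAMPLE_BIMI = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

if __name__ == "__main__":
    print("DMARC:", dmarc_problems(SAMPLE_DMARC) or "ready")
    print("BIMI: ", bimi_problems(SAMPLE_BIMI) or "ready")
```

In practice the two strings would come from TXT lookups on `_dmarc.<domain>` and `default._bimi.<domain>`.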
We will see whether in the coming months more email providers and, above all, more companies verify their accounts. On the user's side, there is really nothing to do: an avatar will simply appear in emails from a verified sender. But as always, caution is one of the best protective measures to take against phishing and other attacks.
Source: Engadget