Email is one of the channels hackers use most to carry out scams and deception. For this reason, technology giants such as Google or Microsoft are constantly looking for new ways to combat spam and phishing on their servers in order to keep users as safe as possible. In pursuit of that goal, Google has just presented a new security measure for its mail service, Gmail, that helps combat these email scams a little more.
One of the most common techniques in phishing attacks is impersonation. Hackers pose as other people or companies and try to trick users into clicking a link, downloading a file, or replying with some type of information.
On social networks, for example, there are verified accounts, an indicator that guarantees (except on Twitter) that the account we see is official, real and verified. For this reason, in 2021, Google also began to implement something similar in its mail service, allowing official accounts to display their logo or avatar next to the sender. This is known as BIMI, Brand Indicators for Message Identification.
Verified accounts for Gmail
Now, to continue shaping this security measure, Google has announced that it will add a check mark next to the sender of Gmail emails, which will allow us to identify legitimate emails and thus avoid impersonated ones.
Thanks to this authentication, users and security systems will have a much easier time differentiating official, legitimate and reliable emails from messages sent by hackers.
How to enable the feature
This function must be enabled by the administrators of Google Workspace accounts, who have to follow the steps required for its validation. To enable BIMI, the company must adopt DMARC and have its logo validated with a VMC (Verified Mark Certificate) issued by a certification authority such as DigiCert or Entrust. Such a digital certificate costs about $1,500 per year, a price that will keep hackers out and that only large companies will be able to afford.
End users with personal accounts do not have to do anything, since the check marks will appear automatically. And, of course, we will not have to pay anything. This security measure came into effect yesterday, May 3, although it may take up to 3 days to be reflected in our inbox.