As a response to the issue of security vulnerabilities in Google, Google has reported on Tuesday that there were was no Gmail vulnerability noticed in the investigations. Google says that the problem was due to the scammers who sent phishing messages to users. Phishing is a method in which the reader would be sent customized emails that would be convincing and encourage the user to forward their confidential details. Mr. Chris Evans, the security engineer for Google said that there has been no evidence of Gmail Vulnerability noticed in the investigation. The scammers normally send malicious emails to unsuspected Gmail user groups without his / her knowledge. This would help the attackers in collecting the details such as credit card, identity information, usernames, passwords and so on. The username and the passwords that are taken are then modified and the website(s) of the victim are changed by the attackers for making the websites permanently alien to the actual owner.
They send interesting messages in their mails that would force the reader to visit the link they had specifically mentioned. The users would as well curiously click on the link and visit the website. This website would be the main platform for the attackers to collect the personal information of the users and have it used in different places they want. Mr. Chris Evans says the intermediate sites that mostly have Google’s name written on it have nothing to do with Google neither are they affiliated to them.
Many of them who have been victims of Google vulnerability report Google to be the prime cause for the loss of confidential information. The phishers who had gained access to the users’ Gmail accounts had created filters in their accounts to receive any mails that they would receive from domain registering service providers. The worst part is that, all these had been done without the knowledge of the user. The users were still using their Gmail accounts without noticing the new filter in their account. Google is giving clearance statements justifying that Gmail vulnerability had nothing to do with the issue. Mr. Chris Evan referred to an issue that blamed domain theft in December 2007 and was later found that Gmail CSRF vulnerability had nothing to do with the issue. He also addressed about the importance of having Gmail’s HTTPS enabled. He said that enabling this feature would always ensure that the messages are always encrypted. Following this information, he requested all the Gmail users to positively have this feature enabled in their accounts. He said that however, every step would be taken to make Gmail more secure and also added that they are always looking for new ways to enhance Gmail’s security. He requested the users to always login into their account using their credentials only through the website https://www.google.com/accounts and do not enter the username and password details into any other dialogue box that might pop up and also that the users should not click on any warnings that might pop up.