Rachel Tobac says the new ability to change an existing Gmail address could be abused after account takeover to impersonate banks or organizations and hijack trust in existing email threads.
I'm curious to see how the "change an existing gmail email address" feature will be misused by bad actors
change the email account name to mimic an org with authority (like a bank)
email all the contacts in used email threads to seem legit.
Google now allows you to change your @gmail.com address
This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.
← Back to Cyber Security