Gmail Bug Lets You Impersonate Another Person’s Account

Gmail Bug Lets You Impersonate Another Person’s Account
WDnetStudio / Pixabay

Although it might be something that most people want to do on a regular basis, the bug allows Gmail users to send emails that appear to originate from an account that is not their own.

Play Quizzes 4

The bug is amazingly easy to activate and was discovered by independent security researcher Yan Zhu. Zhu found that by simply changing your display name in the Gmail app you can change the address from which you send emails.

London Value Investor Conference 2022: Chris Hohn On Making Money And Saving The World

business activist 1653311320Chris Hohn the founder and manager of TCI Fund Management was the star speaker at this year's London Value Investor Conference, which took place on May 19th. The investor has earned himself a reputation for being one of the world's most successful hedge fund managers over the past few decades. TCI, which stands for The Read More

Security researcher finds simple Gmail bug

Zhu spoke to Motherboard about the bug, revealing how she changed her display name to “”” with two sets of quotation marks at the beginning. The extra set of quotation marks are in fact what conceals your true email address, and in Zhu’s case it looked as though the email was sent by Google’s security team.

Obviously this could fool other Gmail users into thinking that the email was trustworthy if it asked for sensitive information and would be incredibly useful for anyone carrying out phishing attacks. Otherwise it could also be used to impersonate someone else in order to gain access to information that the target might not otherwise send to you.

Unfortunately for those concerned by internet security, i.e. almost everyone, Google apparently does not think the bug is a big deal. Zhu told the tech giant about the bug in late October but it informed her it did not constitute a security vulnerability.

Google apparently unconcerned by flaw

Why are Google being so relaxed about what sounds like a serious threat? As Motherboard says “it’s always been possible to spoof email envelope addresses, but spoofed emails now usually get caught by spam filters or get displayed with a warning in Gmail… with this bug, a hacker can get around these protections.”

If the bug lets people bypass common security filters, why will Google not fix it? It seems amazing that such a simple but important bug went undetected for so long.

Perhaps the company will get around to it at some point. In the meantime Gmail users should be extra careful with emails asking for sensitive information.

Updated on

While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. <i>To contact Brendan or give him an exclusive, please contact him at</i>
Previous article Hedge Fund Crowding Costs: Q3 2015
Next article NASA To Grow Flowering Crop In Space Next Year

No posts to display