Beware of “verified” Gmail
- June 4, 2023
You may remember that a month ago we told you that Google had implemented an authentication system in Gmail that prominently uses the already very popular “blue check”, which we have seen in other services for years and which for some time now has become yet another monetization tool. The most obvious example of this is of course Twitter, but we mustn’t forget that, in its shadow, Meta did the same with Facebook and Instagram.
Unfortunately, as we have seen in the past, payment-based authentication systems can be extremely unreliable, although in Twitter’s case that was not enough to persuade those in charge to keep the old, and yes, reliable, verifications. So the first consequence of monetizing these elements is that we have to take into account whether a service charges for them or not when deciding how much to trust both an account’s identity and its content. And if account verification depends on whether it generates income, we can already imagine which element carries the most weight in the equation.
However, if verified status is granted through an account verification system in which money plays no part, this already offers us a certain guarantee that we do not have in other cases. In other words, if the verified badge is not paid for, it gains a lot of credibility, and this is the model that Google uses in its implementation of the blue check in Gmail, which, at least in its first phase, is limited exclusively to companies and entities, with the goal of combating the dreaded and very current threat of phishing.
There is most likely a bug in Gmail that scammers are exploiting to remove it, so I posted a bug that @Google lazily closed as “will not fix – intended behavior”. How is a fraudster impersonating @UPS this convincingly “intended”? pic.twitter.com/soMq7KraHm
— plum (@chrisplummer) June 1, 2023
However, although the intention is good, the implementation of this system appears to have a problem. As cybersecurity engineer Chris Plummer discovered and shared on his Twitter account, a bug in Gmail allows a fake account to be identified as a verified one. In the example he posts in his report, we see how an email address that has nothing to do with the courier and parcel company UPS was identified as legitimate.
At first, after the issue was reported to Google, the company responded that it considered the scenario described to be normal use of the service and that it would therefore not be addressed. However, after some pressure from Plummer, Gmail’s security officers reconsidered their original position, saying they had misinterpreted the original message and that this is in fact a pretty serious security issue.
So, as of today, we know that this issue is a top priority for Google’s technical teams, so we can trust that it will be resolved within a reasonable time frame. In the meantime, if you receive an email in your Gmail account that carries the verification symbol, keep this issue in mind when judging its credibility: that is, do not trust the blue check, and proceed just as you would with an email that does not have the verification.
Source: Muy Computer
Donald Salinas is an experienced automobile journalist and writer for Div Bracket. He brings his readers the latest news and developments from the world of automobiles, offering a unique and knowledgeable perspective on the latest trends and innovations in the automotive industry.