Google recently started rolling out a new redesigned Gmail for the web, along with some features like the ability to snooze emails, Smart Compose, Confidential Mode and more. The redesigned app and the new features are handy for sure, but as per ABC News, The US Department of Homeland Security (DHS) has issued an intelligence note, warning users of the "potential emerging threat ... for nefarious activity" with the new Gmail redesign. The threat is particularly linked with how the Confidential Mode works.
When a mail is sent in Confidential Mode on Gmail, users need to click on a link in order to get access to it. As per the report, the DHS note says that the feature “presents an opportunity for malicious cyber actors to mimic the e-mail message and phish unwary users”. Attackers can reportedly send emails using confidential mode and make use of phishing links to get access to a victim's personal information. This could turn out to be true, however, it also depends on an individual user to be attentive and figure out whether a mail is malicious or not. According to the report, those who use third-party email clients or programs like Outlook or Apple Mail are at biggest risk of being exposed to phishing scams as they will need to enter their Google account information while accessing a “Confidential Email.”
John Cohen, a former acting undersecretary of the Department of Homeland Security, told ABC News that the new confidential email system “may actually place users at a higher risk because it may support a pattern of behavior where people click on links they receive.” Brooks Hocog, a Google spokesman, says that the company aims to make communication safer. As per Hocog, Google uses its “machine learning” algorithms for detecting if the incoming emails are malicious phishing attempts or not, and that the company uses image scans to find any hidden malicious content. The scans are said to have filtered out of more than 99.9 percent of phishing attempts in Gmail.
As mentioned above, the recipient of a ‘Confidential Email’ gains access to it via a link and they can’t copy, download, forward or print the email. Using the option, one can also set an expiration date for confidential emails so that it’s no longer accessible after that date and access is revoked even after the mail has been sent.