Skip to main content

Gmail Releases New Confidential Mode 

By August 28, 2018June 3rd, 2022Cybersecurity

Google has introduced a new Gmail feature called “Confidential Mode,” which seeks to make sending and receiving important or sensitive emails more secure.  Unfortunately, it may have inadvertently created as many problems as it solves.

Here’s how the new feature works, and why you may be leery of using it:

To send a confidential email, compose your message as normal, and then, click the “lock” icon located at the bottom of the email screen. When this button is pressed, you’ll be presented with a number of options that will enable you to specify a self-destruct time ranging from one day to five years.  The email will auto-delete after the amount of time specified.

You’ll also be able to specify whether the email requires a password to open, and of course, giving you the ability to set that password.  Also, a message sent in Confidential mode cannot be forwarded to any other user or be printed out.

The new service works across all email systems because Confidential messages aren’t actually sent.  The user will get a notification that they’ve received a confidential mail, and a link to click to access it, which points back to Google’s own servers where the email is housed.

Given this, the sender of the message also has the ability to selectively remove access to confidential emails if one was inadvertently sent to the wrong recipient.

All of that sounds great in theory, but there’s a problem.  That’s exactly how phishing attacks work.

Security professionals have sounded the alarm that hackers will quickly begin spoofing Google’s new service, pointing the links in their messages toward their own servers.  When users are prompted to provide their login credentials to see the message, they’ll be handing access to their email account over to the hackers.  Google has not yet responded to or commented on this flaw in their new system.  Use with caution.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.