New Gmail Encryption Feature Concerns Cybersecurity Analysts
This week, Google announced that it would be implementing end to end Gmail Encryption to its nearly 2 billion users. This would allow users to choose whether or not they would like to add additional security to certain emails. While on the surface, this is a game changer for businesses who may not have the resources to afford advanced cybersecurity technology, some cybersecurity analysts are concerned that this could leave users vulnerable in an unexpected way. The way that Google’s E2EE will work is that if someone with a Gmail account sends an encrypted message to another Gmail account, it will automatically be decrypted. However, the same cannot be said for sending emails to non-Gmail users. In this case, users will have to accept an invitation to view it and be taken to a restricted version of Gmail. Although this is not inherently malicious, some experts are concerned that this will make users more susceptible to phishing attempts if they are unable to discern what is a legitimately encrypted email. Analysts are taking this into account in light of Google’s history with compromised email security. For instance, earlier this month, Google dealt with a phishing scam dubbed the “Subpoena attack” which prompted users to produce their Gmail content under the guise of a subpoena. The phishing scam was able to bypass the DKIM authentication, making it incredibly difficult to detect as a scam. While Google has released new security measures to mitigate this attack, experts are worried that these two events so close to each other can confuse unfamiliar users. In response to these concerns, a spokesperson for Google has stated what the nature of these invitations will look like so users can be aware of suspicious activity, such as asking for passwords or push notifications.
Source:
https://www.forbes.com/sites/daveywinder/2025/04/27/new-gmail-feature-warning—millions-of-email-users-could-be at-risk/
Inside Out Legal is your In-House Extension.
We handle a wide variety of matters that are typically handled by corporate in-house legal departments. We are available to provide additional legal resources directly to the general counsel’s office to handle overflow and specific projects. We are also able to provide services directly to the business team itself. Our team regularly counsels clients on how to comply with federal and state regulations that govern healthcare, higher education, information technology, data privacy and security, commercial real estate and various other highly regulated services. We also have extensive experience creating or revising compliance programs on behalf of our clients.
Learn more or schedule a consultation with one of our expert attorneys at https://inoutlaw.com/