How safe are Gmail’s new summary cards?
Gmail is the world’s biggest free email service, and according to Google, it has more than 2.5 billion active users across Android and iOS platforms. So, when Google launches a significant new feature, the world tends to take note. From today, these Gmail users will be able to use new “happening soon” summary cards to help manage different information with just one click, which is excellent until hackers start using it for nefarious purposes. I’ve asked Google the big question that many readers will likely be thinking: How safe are summary cards from attackers using them to launch link-clicking attacks?
The New Gmail Summary Cards Feature Launching Today
Google has announced that, starting from October 2, Gmail will be introducing a new feature for all Android, iPhone and iPad users that builds on the success of the summary cards already used to help track information such as order details and delivery tracking.
The new summary cards that are being introduced will help people find information in their Gmail inbox relating to such things as receipts, bills, travel confirmations, and dinner reservations at the point of needing that information most. Google said that this builds on the helpful snippets of information provided by existing summary cards by making the following changes:
- There will be a “happening soon” section within your Gmail inbox that holds timely summary cards, providing a way to visually organize information derived from all related emails.
- The introduction of new action buttons will enable the inviting of someone to an event, for example, setting up a bill payment reminder or even checking in for a flight.
Most importantly, however, is that these summary cards will be dynamic in nature, so they will update in real time.
New summary cards are coming to Gmail
The Security Issue That Summary Cards Pose For Gmail Users
While there is no doubt that the new summary cards feature for smartphone and tablet users represents a step forward for Gmail users regarding real-world usability, providing a new and very user-friendly way to access valuable information, it also poses a risk from the security side of the fence.
These summary cards will populate three distinct areas of Gmail: within individual emails themselves for purchases, which is what has launched today, a new “happening soon” section, which is due to rollout in the coming months for purchase-related emails initially, followed by events, bills, and travel categories, and finally within Gmail searches.
Bringing more Gmail links into view could be a godsend for hackers
These summary cards will populate three distinct areas of Gmail: within individual emails themselves for purchases, which is what has launched today, a new “happening soon” section, which is due to rollout in the coming months for purchase-related emails initially, followed by events, bills, and travel categories, and finally within Gmail searches. The risk, however, comes from the dynamic and ease of use nature of the things. Google said that summary cards will enable users to quickly take actions such as “get directions, invite others, track packages, check-in, remind me, or mark as paid,” all with “no more digging for buried links.” And that’s the risk identified: clicking links. What is the number one security risk facing anyone who uses any email client? The answer is simple: phishing. And what does phishing try and trick the user into doing? Yep, click links that they shouldn’t because they are malicious. Summary cards will bring link-clicking into new and uncharted territory and my fear, knowing the criminal mindset all too well, is that it will be dangerous territory inhabited by sharks.
I directly asked Google: What protections are in place against hackers and scammers using summary cards for link-clicking attacks?
“Summary cards are secured with the same robust defenses that safeguard all of Gmail,” a Google spokesperson said. “With AI-powered defenses, we stop 99.9% of phishing, malware and spam from ever reaching inboxes.”
While 0.1% of phishing emails evading such protections sounds like a very small number, you have to remember that at the last count, more than 300 billion emails were sent and received every day by Gmail users. For the sake of argument, let’s say that we can split that in half regarding the email received, which leaves us with an astonishing 150 billion messages daily. And 0.1% of that is a lot of emails that could still pose a phishing security risk.
“In addition to Gmail’s built-in phishing protections,” the Google spokesperson told me, “we always encourage users to follow best practices (such as verifying the sender before clicking links) to stay safe online. Please see these resources on avoiding phishing and spotting scams more information.”