Jump to content

Search the Community

Showing results for tags 'gmail'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 49 results

  1. WASHINGTON/SAN FRANCISCO (Reuters) - Alphabet Inc’s Google gave details about its policies for third-party Gmail add-ons but stopped short of fully addressing questions from U.S. senators about developers who break its email-scanning rules. How user data flows between big technology platforms such as Google and Facebook Inc and their partners has faced scrutiny around the world this year since Facebook revealed it had done little to monitor such relationships. Google said in a letter to U.S. senators made public on Thursday that it relies on automated scans and reports from security researchers to monitor add-ons after launch, but did not respond to lawmakers’ request to say how many have been caught violating the company’s policies. Senators may seek further clarity on Gmail’s operations at a Commerce Committee hearing about privacy practices scheduled for Sept. 26 with officials from Google, Apple Inc, AT&T Inc and Twitter Inc. Google did not immediately respond to a request for comment. Gmail users must give their consent to activate extensions, which can help them send emails on a time delay, get price-match rebates from retailers and remove unwanted mailing lists. Under Google’s policies, software firms that create these add-ons must inform users about how they collect and share Gmail data . The lawmakers’ inquiry came after the Wall Street Journal reported in July that some add-on makers did not make clear to users that their employees could review Gmail messages and that their data could be shared with additional parties. Software experts told Reuters in March that auditing of apps that interact with Gmail, Facebook and other services is lax. To be sure, sharing with a fourth party is essential to the functioning of some add-ons. For instance, a trip-planning app may scan a users’ email for upcoming flight details and then use the data to query an airline for updated departure information. Google told senators it has suspended apps due to “a lack of transparency to users,” without identifying violators or when enforcement actions took place. Gmail, used by 1.4 billion people, is not the only Google service drawing lawmaker questions about oversight. House lawmakers asked Google in a separate letter in July whether smartphones with its voice assistant tool can or do collect so-called “non-triggered” audio in order to recognize phrases like “Okay Google” that activate voice controls. The lawmakers cited media reports and said there had been suggestions that third-party applications have access to and use this non-triggered data without disclosure to users. Source
  2. Email makes it easy to share information with just about anyone—friends, colleagues and family—but drafting a message can take some time. Last year, we introduced Smart Reply in Gmail to help you quickly reply to incoming emails. Today, we're announcing Smart Compose, a new feature powered by artificial intelligence, to help you draft emails from scratch, faster. Draft emails quickly with confidence From your greeting to your closing (and common phrases in between), Smart Compose suggests complete sentences in your emails so that you can draft them with ease. Because it operates in the background, you can write an email like you normally would, and Smart Compose will offer suggestions as you type. When you see a suggestion that you like, click the “tab” button to use it. Smart Compose helps save you time by cutting back on repetitive writing, while reducing the chance of spelling and grammatical errors. It can even suggest relevant contextual phrases. For example, if it's Friday it may suggest "Have a great weekend!" as a closing phrase. Get started Over the next few weeks, Smart Compose will appear in the new Gmail for consumers, and will be made available for G Suite customers in the workplace in the coming months. To get started, make sure you’ve enabled the new Gmail by going to Settings > “Try the new Gmail.” Next, go to the general tab in your settings, scroll down and enable “experimental access.” If you want to switch back, you can always uncheck the box. < Here >
  3. It’s all business Google unveiled a new Gmail design this week, overhauling its free email service with new features and a fresh look. Beyond the new design, smart replies, and email snooze features that regular Gmail users will enjoy, Google is adding in some smart business-focused features designed to improve productivity, security, and manage the sharing of emails. These are the types of features you’d usually find in rival software like Microsoft’s Outlook app that a lot of big businesses use for workplace emails. Microsoft dominates workplace productivity software, and Google has been a distant second with its G Suite offering for years. Google obviously wants that to change. There’s a new confidential mode for setting expiration dates on emails, for example, and you can even block recipients from forwarding, copying, downloading, or printing particular messages. It’s the same information rights management (IRM) that Microsoft originally introduced in Outlook back in 2007. Google is also adding improved email phishing detection, two-factor authentication to protect emails, and even the ability to use a more robust offline mode so travelling business users can simply use their regular Gmail tab in a browser without having to worry about connectivity. The biggest visual changes are also aimed at improving productivity for business users in Gmail. There’s a new sidebar which means you can look at calendar appointments side-by-side with emails, and even new quick hover buttons to delete or archive messages without needing to open them. I’ve been using the new Gmail and a lot of these new features remind me of Outlook, which is only a good thing. Outlook has always kept mail, calendar, contacts, and tasks within a single app, and cleverly surfaced these when you’re trying to create a calendar appointment, or find someone’s number in a corporate directory. It’s one of the reasons I still use Outlook for iOS, because it keeps your calendar information, contacts, and email all within a single place instead of having to jump in and out of apps. Google’s new sidebar in Gmail feels like a first big step towards better integration of mail, calendar, tasks, and contacts within Gmail. Consumers will enjoy it, and business users will find it really useful for scheduling meetings or managing tasks. Likewise, the security features will be used primarily by businesses to make emails self-destruct, or to avoid simple human errors where emails go to the wrong person. All of these features are designed to get more businesses to seriously consider G Suite. Google has 4 million businesses paying for G Suite right now, compared to 120 million Office 365 commercial users. That’s double what Google had a few years ago, but Microsoft is still managing to dominate with Office 365. Microsoft even has 29.2 million consumers paying for Office 365, and it generates more revenue from Office 365 commercial subscriptions than regular standalone copies of Office. Google can clearly see Microsoft is outpacing its own growth in this area, and this latest Gmail update is an early response. Microsoft is aiming to get two-thirds of its Office business customers over to the cloud (from standalone Exchange and Outlook) over the next 15 months so Google has a major battle ahead for big business. It’s not going to be quick or easy, but Google does have some important advantages over Microsoft. 1.4 billion people are using Gmail, compared to 400 million on Microsoft’s Outlook.com service. Google’s G Suite also dominates in education in the US, alongside Chromebooks, and it has made some impressive inroads in small businesses. Google also has the obvious advantage of its Android platform without Microsoft’s hefty legacy support issues, and of being web-first with its products. All of these advantages should make it easier for Google to entice the next generation of workers and businesses over to G Suite. Google might never fully catch Microsoft in enterprise and big business, but that doesn’t really matter. This latest battle is good news for all users of Office 365 or G Suite. It’s the competition that has forced Microsoft to make some changes to Office 365 and Outlook.com to improve its own software and services. Likewise, Google is now improving its own products for businesses. Everyone wins when there’s solid competition, and the war between G Suite and Office 365 is definitely getting a whole lot more interesting. < Here >
  4. Google is currently dealing with one of the more bizarre cases of email spam we've seen. Gmail users with completely secure accounts are discovering spam messages in their sent folders. They didn't send these emails and have no idea how they got there. As Mashable reports, the emails listed in the sent folder are your typical spam messages offering loans, weight loss solutions, and growth supplements for men. The discovery of the emails led some users to change their Gmail account passwords. But others confirmed two-factor authorization was still active and working on their account, so they turned to Google's Help Forum. It turns out Gmail users have nothing to worry about and their accounts remain secure. Google explained that this is indeed a spam campaign, but the messages appearing in sent folders were never sent from the accounts. In a statement, Google explained that, "This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder." Each email looks as though it was sent to around 10 recipients, none of which are known to affected users. Many of the messages are also being sent via telus.com, but the Canadian telecom company confirmed none of the messages are being generated by Telus or sent via Telus' servers. Google insists only a small subset of users are affected, and it is working to ensure all the rogue emails are reclassified as spam. < Here >
  5. In just a few weeks’ time, Gmail for web might look quite a bit different. G Suite users today were alerted to an incoming Gmail redesign that promises to have a few new features in tow. While we don’t know what the redesign will look like yet, it has the potential to be pretty big, as the web version of Gmail has looked more or less the same for a while now. Google announced the incoming redesign in an email to G Suite subscribers, which The Verge managed to get a copy of. The redesign will launch first in G Suite’s Early Adopter Program, eventually becoming available to those with a personal Gmail account as well. Google took the time to outline some of the new features that will be coming along with this redesign, and even though the list is fairly short, it paints an exciting picture for someone who’s bored with Gmail’s current look. For starters, Google promises a “fresh, clean look for Gmail on the web” that offers easy access to G Suite apps like Google Calendar from within the email interface itself. We’ll also see smart reply make its way to web, which has been a feature available in the mobile version of Gmail for a while. Users will also be able to snooze emails so they’ll reappear at a later time, and Google is planning offline support as well, though it sounds like it won’t launch until after the redesign is in place. Aside from those teasers, though, there isn’t much else to report, so we’re free to let our imaginations run wild. Google did confirm to The Verge that a redesign is indeed on the way, but said that it’ll be a little while longer before it’ll be ready to share more. So, for now, we wait. We’ll keep an ear to the ground for more, but while we wait, head down to the comments section and let us know your thoughts about a Gmail redesign – does the service need one, or should Google leave things the way they are? source
  6. dabourzannan

    Disappearing mail messages

    About two weeks ago, I started to see message in my gmail inbox that does not look suspicious, but as I do not open mails from someone, I do not know I mark such mails and delete them. Those mails once I mark them they totally disappear not in deleted not in junk nowhere to be found. I sure this must be malicious and will continue not to open any mail like this, but I need to understand what that could be. Would appreciate if someone help me.
  7. According to a new blog post on Google's blog, Google will soon stop scanning emails on its Gmail email service for advertisement purposes. Gmail scans user emails on Gmail for a variety of purposes. These include to make sure that they don't contain spam or malware, but also to use the information for advertising purposes. Privacy advocates have criticized Google for the practice, and Microsoft never failed to mention the fact and even used it in the company's infamous Scroogled advertisement campaign. Google uses the information that it gains from the scans, and information that it has about the user from other sources, to display targeted advertisement to the user. Google states that in Gmail's Terms of Service: Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored. Google's Diane Greene, SVP Google Cloud, announced the change in a new blog post on the official Google blog on June 23, 2017. G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service. Consumer Gmail content will not be used or scanned for any ads personalization after this change. This decision brings Gmail ads in line with how we personalize ads for other Google products The decision was not made by Google's ad division, but by the company's Cloud division. The rationale behind the decision is that Google's Cloud division believes that organizations may not use Google's services because of the privacy implications that go along with scanning emails for advertisement purposes. Google's G Suite never displayed email scanning advertisement to users of the service, but Google believes that company decision makers may still have been confused by it. The outcome is positive for users of the free Gmail service: Google plans to stop scanning Gmail emails for advertisement purposes. This does not mean that the free Gmail won't show advertisement. The ad selection process however will use other available sources of information to display ads to users on Gmail, for instance from searches or from YouTube activity. Google is playing catch-up to Amazon and Microsoft when it comes to Enterprise cloud services. Revenue of the company's cloud division is on the rise; G Suite has more than 3 million users as of June 2017, and usage has doubled in the past year among large business customers according to the announcement. Source: Google won’t read Gmail emails anymore for advertisement(Ghacks)
  8. Security researchers have exposed a sophisticated hacking and disinformation campaign that targeted more than 200 Gmail users. Russian government hackers seem to have figured out that sometimes the best way to hack into people's Gmail accounts is be to abuse Google's own services. On Thursday, researchers exposed a massive Russian espionage and disinformation campaign using emails designed to trick users into giving up their passwords, a technique that's known as phishing. The hackers targeted more than 200 victims, including, among others, journalists and activists critical of the Russian government, as well as people affiliated with the Ukrainian military, and high-ranking officials in energy companies around the world, according to a new report. Researchers at the Citizen Lab, a digital rights research group at the University of Toronto's Munk School of Global Affairs, were able to identify all these victims following clues left in two phishing emails sent to David Satter, an American journalist and academic who's written Soviet and modern Russia, and who has been banned from the country in 2014. On October 7, Satter received a phishing email designed to look like it was coming from Google, claiming someone had stolen his password and that he should change it right away. As with seen with other phishing attacks targeting people affiliated with the Hillary Clinton campaign that led to the DNC leaks of last year, the email, however, didn't come from Google. It was actually from a group of hackers known as Fancy Bear, or APT28, whom many believe work for Russia's military intelligence, the GRU. A screenshot of the phishing email received The "Change Password" button linked to a short URL from the Tiny.cc link shortener service, a Bitly competitor. But the hackers cleverly disguised it as a legitimate link by using Google's Accelerated Mobile Pages, or AMP. This is a service hosted by the internet giant that was originally designed to speed up web pages on mobile, especially for publishers. In practice, it works by creating a copy of a website's page on Google's servers, but it also acts as an open redirect. According to Citizen Lab researchers, the hackers used Google AMP to trick the targets into thinking the email really came from Google. "It's a percentage game, you may not get every person you phish but you'll get a percentage," John Scott-Railton, a senior researcher at Citizen Lab, told Motherboard. So if the victim had quickly hovered over the button to inspect the link, they would have seen a URL that starts with google.com/amp, which seems safe, and it's followed by a Tiny.cc URL, which the user might not have noticed. (For example: https://www.google[.]com/amp/tiny.cc/63q6iy) Using Google's own redirect service was also perhaps also a way to get the phishing email past Gmail's automated filters against spam and malicious messages. "It's a percentage game, you may not get every person you phish but you'll get a percentage." According to Citizen Lab, who doesn't directly point the finger at Fancy Bear, the email was actually sent by annaablony[@]mail.com. That address was used in 2015 by Fancy Bear to register a domain, according to security firm ThreatConnect. And another domain used in the October attacks exposed by Citizen Lab was also previously linked to Fancy Bear, according to SecureWorks, which tracked the phishing campaign against the DNC and the Clinton campaign. Curiously, the email targeting Satter came just a few days before Google warned some Russian journalists and activists that "government-backed attackers" were trying to hack them using malicious Tiny.cc links. A screenshot of a phishing email received Now we know that in October of 2016, when the hackers targeted Satter and at least 200 other people, the trick of using Google AMP was working, and Google hadn't blocked it. Google has previously dismissed concerns about open redirectors, arguing that "a small number of properly monitored redirectors offers fairly clear benefits and poses very little practical risk." On Thursday, a company spokesperson said that this is a known issue and last year some Google AMP URLs started showing a warning if the company's systems are uncertain whether the link is safe to visit, such as this. But for some security researchers, they are dangerous. "The AMP service's behavior as an open redirect for desktop browsers was clearly abused in this situation and is also just trivial to abuse in general," Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard in an email. "There is undoubtedly some engineering tradeoff I'm not seeing that causes them to maintain it." Google's redirectors might not be the only part of Google's infrastructure that Fancy Bear hackers have been taking advantage of. Citizen Lab researchers found a Tiny.cc URL that targeted an email address—myprimaryreger[@]gmail.com—that other security researchers suspect was used by Fancy Bear to test their own attacks. A screenshot of the Google Plus page of "myprimaryreger[@]gmail.com," an account researchers believe was controlled That address had a Google Plus page filled with images that appear in real, legitimate Gmail security alerts. It's unclear what the hackers used these for, or if they used them at all. But the researchers said that perhaps the hackers were embedding them in phishing emails, and the fact that they were hosted on Google Plus perhaps helped thwart Gmail's security controls. The Fancy Bear hackers are known to use popular services like URL shorteners in their high-profile hacking operations. And, sometimes, those URL shorteners betray them and end up revealing who they targeted. Between March 2015 and May 2016, as part of their operation to hack Clinton's campaign chairman John Podesta, and former National Security Advisor Colin Powell, the hackers targeted more than 6,000 people with more than 19,000 phishing links. Some of those used Bitly URLs that, as it turned out, could be decoded to figure out who they were intended to. An analysis of the Bitly link used to phish John Podesta Similarly, in this case Citizen Lab researchers were able to identify the victims by figuring out that there was a pattern behind how Tiny.cc creates short URLs. That pattern, as research fellow Adam Hulcoop explained to me, "was chronological." So, starting from the links sent to Satter, the researchers were able to guess other links created around the same time. It's impossible to know why the hackers keep relying on services like Bitly or Tiny.cc, which end up exposing some of their operations—although months later. One explanation could be that their phishing campaigns are highly automated, given that they target thousands of people. So, as Hulcoop put it, they need a modular phishing infrastructure where every element can be modified if needed, as "an insurance policy of sorts" and they use third party services "to try and balance the need for OpSec [operational security, or the practice of keeping operations secret] with the ability to operate at scale." "The construction of the Tiny.cc shortcodes pointing to TinyURL shortcodes, which ultimately point to phishing sites on different servers. This modularity is likely by design so that the operator can change up the individual components, servers, redirectors, etc., and only abandon the pieces that are burned," he said in an online chat. "The more layers you have, the more flexible you can be." Article source
  9. Google has a new feature Google is rolling out a cool new feature that allows you to perform searches through your personal data - from Gmail or Photos - straight from the search engine interface. First spotted by Search Engine Roundtable, this new "Personal" tab shows you content from private sources, including emails and photos you've taken and uploaded to the cloud. There's nothing particularly difficult to figure out about this new tab because it works just like any other tab on Google. You first have to type whatever it is you want to look for like "flowers," and switch to the "Personal" tab, which you can find in the "More" tab at the end of the line. There, you'll find any emails you have received featuring this word, as well as any pictures stored in your Photos account containing flowers. As mentioned, this is a tab that you'll have to look for specifically if you want to look through it, as it's not included among the main ones. Incoming to you The feature seems to be rolling out slowly to users all over the world and looks like a great and interesting addition. After all, who doesn't like to be able to search through their personal data so easily and from a single interface? The feature works on both the web and the mobile versions of Google, so you can enjoy it wherever you are and whenever it happens for you to need to find something in your personal data without opening up loads of extra apps or, depending on what device you're using, tabs. To alleviate any worries people may have, the company added a notice on this new feature which states that "only you can see these results." This, of course, should make anyone concerned with seeing their private photos in a Google box relax some. Source
  10. Google takes steps to increase security Following the famous Gmail phishing attack from just a few days ago, Google has decided to make it more difficult for apps to get access to people's data. The company announced that new applications that request access to user data will, from now on, face more scrutiny. Some of these apps may even "qualify" for a manual review due to Google's enhanced risk assessment. “Until the review is complete, users will not be able to approve the data permissions, and we will display an error message instead of the permissions consent page. You can request a review during the testing phase in order to open the app to the public. We will try to process those reviews in 3-7 business days. In the future, we will enable review requests during the registration phase as well,” Google informs developers. Developers will continue to use their apps for testing purposes even before they get approved. They'll need to log in with an account registered as owner or editor of the project in the Google API Console. From there, they'll be able to add more testers and to start the review process. To add an extra layer of security, Google has updated the app identity guidelines. In them, it states that apps must not mislead users, which also indicates that they need to have unique names and not copy other apps, which is something that has happened countless times already. “These changes may add some friction and require more time before you are able to publish your web application, so we recommend that you plan your work accordingly,” Google says. Multiple changes to increase security The changes come as a result of the attack that took place a few weeks ago. Gmail users started receiving phishing emails pretending to be from someone they know who was looking to share content with them on Google Docs. A link took people to a login page where a fake Google Docs app requested permission to people's contacts and emails. The attack was stopped within an hour and the company said that less than 0.1% of Gmail users were even impacted by the incident. The company has already tighten OAuth rules, it's anti-spam systems, and more. Source
  11. Gmail Notifier Pro - the program to alert you when new mail in service Gmail. However, Gmail Notifier is more than just a tool for warning, it can be used to check the mail, as well as create new messages from the desktop interface, the choice of the type of account (Google Gmail Atom, Google Gmail IMAP, Google Calendar, subscribe to a feed and Google Reader ) and much more. You can also keep track of multiple accounts from Gmail. After installing the software, open the Options and set the account Gmail. You can use the method of both Atom and IMAP. After setting, you can see all the messages in the main window and a separate window allows you to view the contents of your email. Every time when a new e-mail message, you will receive a notification with the desktop will look pretty cool. The program supports themes that can be customized from the window Options. Set up a notifier so you more like it. When you need to create a new message, just click on the Compose New Email option in the system tray. Features: Gmail Notifier Pro provides many easy-to-use and settings. Checking multiple Gmail accounts for new mail - including Google Apps accounts. Displays pop-up notifications and plays audio message alerting the user when new mail arrives. A complete overview of all unread messages in all your inboxes. Support Atom and IMAP protocols. Allows you to create and respond to email without opening a browser. Integration with Google Contacts. Website: http://www.gmailnotifier.se Release date: 14 May 2017 OS: Windows XP / Vista / 7 / 8 /10 Language: ML Changelog: Download setup Download portable Installer + Fix: Site: https://cloud.mail.ru Sharecode: /public/5Gu2/bP9EQYCMh Installer + Fix + Portable: Note: Just copy the link and sharecode together and then press enter. You need to enter the credentials as mentioned in main post. The d/w starts immediately. Site: http://95.141.193.17 Sharecode: /noload2/files/061/Gmail.Notifier.rar Usrname: rsload.net Pwd: rsload.net Noy medicine - shared by Siddharta N.B. - shared by Siddharta If you're looking for ConfigDat.xml >>> open run (Windows logo + R) and type: %appdata%\GmailNotifierPro Then replace with keygen registration <RegisteredUser><Name>XXXXX YYYYYY</Name><EMail>[email protected]</EMail><RegistrationCode>4ACXXXXXXXXXXX3EC1</RegistrationCode></RegisteredUser> Note: The xxxx (yyyyy)is personal data or names My Crack Gmail Notifier Pro 5.3.5 - by bb2018: Site: https://www.upload.ee Sharecode[?]: /files/7008428/Crack-Gmail_Notifier_Pro_5.3.5_.rar.html
  12. Following the widespread phishing scam that affected Google Docs and Gmail users this week, Google says it’s now rolling out a new security feature in its Gmail application on Android that will help warn users about suspicious links. This feature may not have prevented this week’s attack, however, as that attack involved a malicious and fake “Google Docs” app that was hosted on Google’s own domain. However, the additional security protection is a step in the right direction, given how many users access Gmail on mobile, and the increasing sophistication of these phishing attacks that can even fool fairly tech-savvy individuals. In this week’s attack, for example, you would have received an email from a known contact who said they were sharing a document with you. When you clicked to open the document, you’d be taken to an innocent-looking web page hosted by Google. The page wouldn’t even prompt you for your password, but instead listed all your Google accounts ready to be clicked. You would be asked to give an app named “Google Docs” account permissions – but it wasn’t the real Google Docs. And once it had access, the worm began spreading to everyone in your contacts list. The new phishing protection in the Gmail app for Android relies on Google’s Safe Browsing technology, which can warn web users if they’re about to visit a page that’s impersonating a legitimate website, like a bank, online store, or any other site trying to trick you into sharing your username and password information. In Gmail, if you click on a suspicious link in your email message, the app will display a warning messaging that reads: It then informs you that if you choose to proceed to the site, you do so at your own risk. It doesn’t seem likely that the recent phishing attack would have been flagged by this system at the time of its occurrence, as it was a hosted app on Google’s own domain. Google said on Wednesday it had taken action against the phishing attack that had affected Gmail and Google Docs users. It disabled the offending accounts. removed the fake pages, and pushed updates through Safe Browsing and its abuse team. The company also requested users to report any suspect phishing emails in Gmail. The new mobile feature is rolling out this week to Gmail users on Android. Source
  13. The fake Google sign-in page looks exactly like this. With a little know-how, most phishing scams are pretty easy to detect. This one, on the other hand, is devilishly clever and just might dupe you if you’re not careful. The way this phish scam works is simple. Wordfence, who brought light to the scam, says the attacker creates an email address to disguise themselves as someone you know. Then they send you an email with an attachment, like a PDF or Word doc, that looks legitimate. When you click the attachment to see a preview of it, you get redirected to a Google sign-in page where you enter your credentials. Here’s the trick: those attachments aren’t attachments—they’re embedded images designed to look like attachments that link out to a fake Google sign-in page. You can see an example of how real they look in Tom Scott’s tweet below. What’s worse is everything about the fake Google sign-in page looks normal. The logo, text boxes, and tagline are all there. The only difference is in the address bar, where careful eyes will see that the page is actually a data URI with the prefix “data:text/htyml”, not a URL with the standard “https://”. But if you don’t spot it, the attackers get your information and use it to send out more of the same phish emails to your contacts. Google has since updated Chrome to 56.0.2924, which makes it easier to spot fake forms like these, but it doesn’t exactly stop this type of scam dead in its tracks. And whether you use Chrome or not, it’s important to stay vigilant and keep your eyes peeled when checking email. Article source Other source: Warning: Dangerous new Gmail phishing attack can easily steal your Google login
  14. Gmail gets a new feature Gmail users will soon be able to enjoy a new feature allowing them to watch videos right within their emails. For many years, Gmail users have enjoyed some rather great features, but they don't have it all. Google is doing its best, however, so the latest update will allow users to watch videos within Gmail, by using the same streaming infrastructure as YouTube and Google Drive. The thing is, this new feature only works if you're sending over small videos, because, as everyone knows, Gmail only permits attachments of 25MB. When it comes to video content, especially of higher quality, 25MB is easily reached even with short clips. Those larger files are automatically uploaded to Google Drive anyway, which means they can be streamed regardless if Gmail supports this feature or not. The change obviously targets smaller clips, funny videos you want to share with your friends and family of your dog chasing its tail, or your kid throwing the food bowl across the room. Now, people won't have to download the attachment anymore, and when it comes to less tech-savvy family members, that can only mean you save a lot of time you'd spend explaining how to open a downloaded file. Changes coming soon "Today, we’re rolling out a quality of life improvement to Gmail desktop users that makes previewing video attachments in Gmail much smoother and quicker. Previously, in order to view a video attachment in Gmail, you would have to download it to your computer and open it with a media player. Starting today, when opening an email with video attachments, you will see a thumbnail of the video and have the ability to stream it, right from inside Gmail," reads Google's blog post. The changes are incoming, but it might take two weeks to see them in your Inbox, depending on how Google's gradual rollout hits you. Source
  15. The ban was announced a few weeks ago, but it's finally live That's it. Say goodbye to sending JavaScript attachments via Gmail because the mailing service has turned its back to it for good. The move was announced a few weeks back and it's simply a security move since so much malware has been found hiding in JavaScript in recent years, with the situation escalating over the past few months. Now, if you try to send a JavaScript attachment using Gmail or if you want to download such an attachment from an older email, you'll get a new warning saying "Blocked for security reasons." Alternatively, you'll also find the message "1 attachment contains a virus or blocked file. Downloading this attachment is disabled." Not the only one blocked There's a long list of file types that have been blocked by Gmail over the years for security reasons, including .exe, .jar, or .pif, to name a few. "To prevent against potential viruses, Gmail doesn't allow you to attach certain types of files, including: certain file types (listed above), including their compressed form (like .gz or .bz2 files) or when found within archives (like .zip or .tgz files), documents with malicious macros, archives whose listed file content is password protected, archives whose content includes a password protected archive," reads Google's blog post about the situation. There are some workarounds Google set in place if you really, really, want to send a JavaScript attachment, namely by attaching it via Google Drive, Google Cloud Storage or any other storage solution. That's mainly because once you upload a file to a cloud service such as Google Drive, it automatically gets screened for viruses and malware, which works even if the file has been archived in a .zip or .rar, for instance. Then, when you're sending people the download link they know it's supposed to be safe because it's already been scanned and their risk levels are lower. Ref: < http://news.softpedia.com/news/sending-javascript-files-over-gmail-no-longer-possible-513108.shtml >
  16. Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services. Elie Bursztein, the head of Google’s anti-abuse research team, said at RSA Conference that SMTP STS will be a major impediment to man-in-the-middle attacks that rely on rogue certificates that are likely forged, stolen or otherwise untrusted. Google, Microsoft, Yahoo and Comcast are expected to adopt the standard this year, a draft of which was submitted to the IETF in March 2016. Certificate pinning, or public key pinning, relies on a list of trusted public key hashes assigned to a particular connection and rejecting any other. For now, connections only verify that a TLS certificate is present. Bursztein’s announcement came during a talk on Thursday during which he illustrated how different threats to corporate and personal Gmail accounts such as spam, phishing, malware, impersonation and interception attacks vary by industry and geography. He also shared how new defense mechanisms implemented in the past 24 months have made Gmail sturdier. “We are stopping hundreds of billions of attacks every week,” Burszstein said. “Every minute, we have to stop more than 10 million attacks with 99.9 percent precision. The way we are doing this is reacting quickly to emerging threats.” Burszstein told a strong story with regard to Gmail’s security against impersonation attacks, noting that 80 percent of inbound messages from other providers to Gmail are now encrypted, while 87 percent of outbound messages from Gmail to other providers are encrypted. These numbers are up from 65 percent and 50 percent respectively as of June 2014. Burszstein said that a decision to add visual cues to users that certain Gmail messages may be untrusted helped spike adoption of encryption. One such measure was a UI change to display a broken lock in the inbox indicating that the email about to be sent is being sent in the clear. “This tells you the email you are about to send is not encrypted and could be intercepted in transit,” he said. “This helps the user make a better choice by highlighting this to the user.” After implementing the lock, he said Google recorded a huge bump in inbound encrypted traffic it was receiving. “Increasing encryption visibility helped speed up adoption,” Burszstein said. On the spam front, Burszstein said Google relies on deep learning to extract more meaning out of data for high precision and learning. He said Gmail took a page from Google’s photo tagging capabilities which use deep learning to understand the context of an image and automate tagging of other photos. “It’s very good at finding spam too,” he said, citing Gmail’s 99.9 percent accuracy rate detecting spam, 3.5 percent of which he attributes to deep learning. Burszstein also advocated for organizations to commit to enhancing DMARC, DKIM and SPF rollouts, each of which have very different roles in securing emails from assuring messages are signed with a public key, to allowing companies to specify which servers it will trust, to what to do with unsigned messages, whether to toss them into a spam folder or reject them outright. He also pointed to visual cues on the authentication front such as Gmail’s assigning of icons to trusted users while throwing up a red question mark for unauthenticated senders. This too was a driver in increasing adoption of all three protections, reducing the number of unauthenticated messages in 2014 (5.8 percent) to last year (1.8 percent). Burszstein shared some data on the effectiveness of training in combatting phishing threats and how Google’s visibility into malicious traffic via email can spot trends, for example, as to how certain ransomware families spread differently (Office documents, macros, or JavaScript droppers) according to detection rates and submissions to VirusTotal. By Michael Mimoso https://threatpost.com/smtp-strict-transport-security-coming-soon-to-gmail-other-webmail-providers/123789/
  17. Some Gmail users may soon find themselves at a higher risk for security problems and without access to updates and new features. Google recently announced via a blog post that Gmail will no longer support Chrome Browser version 53 and earlier. Beginning on February 8, 2017, a banner will appear at the top of the page in Gmail for users who access it from Chrome version 53 or earlier encouraging them to upgrade their browser, the post said. At the time of this writing, Chrome is on version 55, which contains several key security features, the post noted. It's important to note that Gmail is only ending support for these Chrome versions. So, users on Chrome 53 will still be able to access Gmail, and it will function properly, but it will be more vulnerable to security risks and users will not have access to updates or bug fixes, the post said. Gmail will function properly on these Chrome versions until the end of the year. However, the post noted, some users who don't update their browser may be "redirected to the basic HTML version of Gmail as early as Dec. 2017." Users on the Windows XP and Windows Vista operating systems are those who are most likely to be affected by the news, as Chrome version 49 was the last version that included support for those particular Windows systems. The post encouraged users who may be using these operating systems to switch to "more secure and supported systems." In the enterprise, administrators are encouraged to update users to the latest version of Chrome. However, if you rely on legacy apps or operating systems that require an older version of Chrome, that might not be an immediate possibility. Google isn't known for announcing discontinued support for Chrome versions, the post said, as the company's policy is to only support the current version of Chrome. The post said that Google intentionally called this out to minimize the impact on specific Windows XP and Windows Vista users. Google has also taken other steps to secure Gmail recently, including new warnings against potential phishing campaigns and more. Source
  18. Google announced that it implemented S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption, with a twist, for its enterprise customers. That twist is that its implementation of S/MIME, which is typically an end-to-end encryption protocol, is centralized or “hosted” by Google. In other words, Google can see what’s in all of those S/MIME-protected emails. S/MIME Protocol The S/MIME protocol was first invented in 1995. A few years later, it also became an IETF standard (after a few more modifications to the original protocol). S/MIME aimed to be an end-to-end encrypted protocol that would replace the non-encrypted SMTP email protocol. It was also meant to be a little easier to use than PGP (Pretty Good Privacy), another end-to-end encryption protocol that was invented a few years before S/MIME. With PGP, users have to share their public keys with each other prior to using end-to-end encryption, but with S/MIME, this key distribution is handled by a Certificate Authority that gives each user a certificate. Importing the certificate in the email client and signing email messages with it is what proves that the senders are who they say they are. Google’s Hosted S/MIME Google said that instead of supporting the standard client-side S/MIME protocol that allows users to encrypt emails end-to-end (meaning only the sender and receiver can read the emails), it will host all of the users’ certificates and private keys on its own servers. This will allow the company to essentially read (with its computers) all communications that are protected by S/MIME. From this point of view, it’s no different than the way Gmail emails are encrypted today with TLS. Google said that this will make it more convenient to enterprise customers to use S/MIME encryption, although without the benefit of end-to-end encryption. The company said that doing things this way allows it continue to stop phishing attempts and block spam email. The fact that email companies wouldn’t be able to stop spam has long been a criticism of end-to-end encryption. However, WhatsApp seems to have managed quite well by employing techniques that don’t even require them to see people’s messages to block spam. The techniques seem to involve a combination of verifying the identity of the sender and by tracking their behavior. For instance, if one user sends messages to 100,000 people, chances are that user is spamming. WhatsApp’s anti-spam solution is likely a little more advanced than in that example, but the point is stopping spam when end-to-end encryption is used is not as impossible as previously thought. It’s Not All Bad Although Google is essentially downgrading the security of the S/MIME protocol, the move still seems to be an upgrade over the existing, mainly hacked-together email encryption and authentication solutions. The email protocol was never designed to be encrypted, so even today’s best improvements made to it can’t guarantee the security of the message in transit. This is especially true if the recipients use email services that don’t support the same encryption and authentication protocols that Gmail supports. With S/MIME, the messages are encrypted with symmetric encryption as well, so it doesn’t matter what sort of hops it passes until the destination, as the messages will be unreadable to anyone intercepting them. They are also automatically signed by the senders, which will guarantee that the senders are who they say they are. Of course, digital certificates are still vulnerable to certificate authorities going rogue or to being stolen from Google’s servers. The latter is something that may be quite difficult to achieve these days, but likely not impossible. Is Google Giving Up On End-To-End Encryption? Back in 2014, and soon after Edward Snowden made public the extent of the NSA’s mass surveillance, Google started working on an end-to-end encryption tool called, appropriately, “End-to-End.” The company seemed furious that the NSA broke into its network and monitoring every packet going through its unencrypted internal network. From that point forward, it started aggressively adopting encryption everywhere it could add it, whether it was for internal or external communications, or for securing data at rest. One of those measures also involved starting End-to-End. This was a browser extension that would work with multiple email providers (Yahoo joined as well, but it later dropped it around the time it allegedly gave NSA access to its networks), and it would provide PGP end-to-end encryption to users that wanted it. The project doesn’t seem to have been touched for almost a year (at least in its public code repository). After we contacted Google to ask about this a few months ago, the company declined to give a clear answer on whether it’s still working on this specific project. Google did launch Allo with end-to-end encryption provided by the Signal protocol, but it’s not enabled by default like it is for the Signal app itself, or WhatsApp. There is also no easy way to make end-to-end encryption the default, if you’re not interested in using Allo’s AI assistant. “Incognito” chats have to be started manually with each contact. Unlike Signal and WhatsApp, Allo also doesn’t provide safety numbers that guarantee there’s no man-in-the-middle attack. Avoiding Public Email Exposure If companies want to avoid the type of hacks that hit Sony, the Democratic National Committee, and other organizations that exposed everyone’s emails, then end-to-end encryption is still the way to go. This may include the client-sided (non-hosted) S/MIME protocol or PGP, or even using a service such as ProtonMail. For other companies that don’t worry as much about Google being hacked (again) and just want an easy to use, well known, and well supported encrypted email service, Gmail’s new hosted S/MIME protocol may still be an acceptable compromise and an upgrade over their existing email encryption hygiene. Bu Lucian Armasu http://www.tomshardware.com/news/google-hosted-smime-gmail-encryption,33582.html
  19. Malicious emails often attach various forms of executable programs and trick users into running them. These include standard Windows executables (.exe), batch files (.bat), and even JavaScript files (.js). Starting February 13, 2017, Google will not allow JS files to be sent as an attachment, including JS files detected within archives. If you're not familiar with web development, JavaScript is a common language used when developing web applications, and JS files are often loaded as part of web pages. However, opening an unknown JS file on Windows can be dangerous, as it runs inside Windows Script Host by default. From there, the script can easily run Windows executables. While blocking .js attachments is a step in the right direction, it is unclear if any warnings will be shown when receiving emails with JS files attached. Source: G Suite Updates Article source
  20. Gmail Users Under Attack As Hackers Develop Sophisticated Phishing Technique New phishing attack launched against Gmail users Specifically, attackers are now sending emails to Gmail users with embedded attachments that look like images and which require just a click to launch what is supposed to be a preview of the picture. Instead, the attachment opens a new tab in your browser that requires a re-login. When inspecting the typical elements that could point to a phishing scam, such as the address bar, everything looks legit, as in this case the URL is the following: “data:text/html,https://accounts/google.com.” So naturally, most users would provide their Gmail credentials, but as WordFence reports, once you do that, the account is compromised. Surprisingly, the hacked Gmail account is almost instantly accessed in order to retrieve the contacts and then uses the same phishing email to spread the attack. Using email addresses from a person’s contacts can make emails look even more legitimate, thus helping compromise a bigger number of accounts. Most likely, the access is automatically performed by a bot, but there’s also a chance for attackers to do the whole thing manually in order to collect email addresses. How to detect the phishing attack The easiest way to determine that a message is a phishing attack or not is by looking in the address bar. As we’ve told you before, attackers were particularly focused on ways to make the URL look more legitimate, but in reality, there are a lot of white spaces that you can remove to check out the end of the address. If you do that, you can notice that the URL ends with a script that’s supposed to launch the new tab and point the browser to the phishing page used to steal login credentials. Google has already offered a response, according to the aforementioned source, but it’s not what you think, as the company doesn’t seem to be too keen on blocking the attacks. “The address bar remains one of the few trusted UI components of the browsers and is the only one that can be relied upon as to what origin are the users currently visiting. If the users pay no attention to the address bar, phishing and spoofing attack are - obviously - trivial. Unfortunately that’s how the web works, and any fix that would to try to e.g. detect phishing pages based on their look would be easily bypassable in hundreds of ways. The data: URL part here is not that important as you could have a phishing on any http(s) page just as well,” the firm said. The easiest way to keep your account secure, even if you fall for this phishing attack, is to enable two-factor authentication for Gmail, which means that in case you do provide your login credentials on the phishing website, the attacker shouldn’t be able to access your account anyway. Source Alternate Source - Don't Fall For This Dangerously Convincing Ongoing Phishing Attack
  21. Android User Locked Out Of Google After Moving Cities Image Courtesy: Techworm An Android user has been locked out of his Google account apparently because he moved cities, according to a post on Reddit. The explanation offered by Google support staff was that since his address details differed, billing information with Google wasn't current and hence the user's purchases could look fraudulent. The user in question does not know for sure that this is the reason; during his interactions with Google support to find out why he had been locked out, he was told that When asked what he could do, he was initially directed by Google staff to a site where he had to scan his driver's licence and credit card and told that he would have to wait 24 hours to get his account unlocked. But after this time passed, he was told that the account would not be unlocked and Google would not tell him why. He was advised to abandon his old account and start a fresh one. However, this meant he could not use the credit card that he had used on the old account and would have to obtain a new one to continue using Google's services. All his previous purchases would not be transferred to the new account, he was told. An email he sent to Google support resulted in the following reply: Source
  22. Introduction Gmail allows its users from all over the world to use multiple email addresses and associate or link them with Gmail also Gmail allows you to set forwarding addresses so the emails which you receive are also sent to the one which you have forwarded. These two modules were actually vulnerable to authentication or verification bypass. It's similar to account takeover but here i as an attacker can hijack email addresses by confirming the ownership of email and was able to use it for sending emails. Technical Details If you click on the gear button in Gmail and after you will see two modules there one with a name of " Account and Import " > " Send Mail As " and Forwarding Module was affected. This is a logical vulnerability which allowed me to hijack email addresses from Gmail. Any Gmail address which is associated or connected with Gmails SMTP was vulnerable to this security issue. It could be @gmail.com or @googlemail.com or @googleemail.com etc. We are aware of the fact that Gmail gives us report regarding the mail delivery if email was sent or not, Likely if we send email to any email addresses which dose not exist or is offline Gmail will bounce back a message with a subject of Delivery Status Notification which contains the reason why Gmail actually failed to deliver your email to the recipient. To hijack any email address there should be any of the following case in order to make it successful If recipients smtp is offline If recipient have deactivated his email If recipient dose not exist If recipient exists but have blocked us Cases could be even more In all of the above cases recipient wont be able to receive any email from our addresses and all i needed was a bounced Delivery Notification because Emails which were getting bounced back with a notification stating that your email wasn't delivered for the following reason was also responsible for containing Verification Code and Activation Link with a complete message which was sent for verification to the given address which you want to associate with. Now that verification code could be used to verification and confirm the ownership of the email address, This actually which kills the concept of verification. Same procedure was also applied to Email forwarding module and i also found it vulnerable. All we need is addresses which is not capable to receive emails from our side referring to the cases mentioned above. In the image shown above you can clearly see how Gmail was bouncing back the email which contains the content forwarded for verification to the recipient and contains link and code for verification to confirm ownership. There is a scenario where attacker can trick victim in deactivating his account or attacker can also trick victim in blocking his email address so that he may not be able to receive emails from outside and once he dose that we can hijack his email address easily because gmail was bouncing back the email which contains the verification code. Moreover Forwarding section also requires a confirmation which was also affected. Procedure Attacker try's to confirm ownership of [email protected] Google sends email to [email protected] for confirmation [email protected] is not capable to receive email so email is bounced back to Google Google gives attacker a failure notification in his inbox with the verification code Attacker takes that verification code and confirms his ownership to [email protected] You can clearly see the procedure in the video which was recorded at the time when it was vulnerable After confirming the ownership i was able to use it likely for sending emails and could be also used as an alias. Timeline 20 OCT > Reported to Google 20 OCT > Report triggered 1 Nov > Report Acknowledged in Hall of Fame One of the sad part in this research is that, i was not rewarded for such a serious security issue but they acknowledged my research and listed me in Hall of fame. Article source
  23. LinkedIn users are showing concern today as it comes to light that the business network will access a user’s Gmail contacts if the user has a Gmail session and a LinkedIn session open in the same browser – and LinkedIn has confirmed that there is currently no way to turn off what it refers to as the ‘auto-authorization’ that lets this poaching occur. Scientist Forrest Abouelnasr published a digest of his conversation with LinkedIn support after he began to notice impossible associations cropping up on his LinkedIn page: ‘I’ve never knowingly given linkedin permission to access my gmail contacts, but it keeps suggesting I connect on linkedin with people whose only connection to me is messages through gmail – and it usually happens suspiciously right after I send and receive a few emails from that person. This behavior has in the past included people whom I know do not have a linkedin account, since it suggests that I “invite them to linkedin” – which means the other person cannot be allowing linkedin access to their emails, it must be through my linkedin account.’ LinkedIn’s initial response to Abouelnasr suggested that he may have been unaware of the ramifications of sending invitations and using features which he had, in fact, not used – and the explanation didn’t seem to add up. On further investigation, the same representative looked further into the matter and discovered that this ‘infection’ between Gmail and LinkedIn is by design: ‘What you have encountered is that the people you may know could have been uploaded to LinkedIn through auto authorization if you had at any time your LinkedIn account open and accessed any of your emails through the same browser…In order from preventing this from happening again, you will want to be careful to not open up your personal email address in the same browser when you have your LinkedIn account open.’ When Abouelnasr asked how he could revoke this ‘auto-authorization’, he was told: ‘There is not a setting to specifically turn this feature off. The only way to truly prevent this from happening again is to open up those items in separate browsers. We are not doing this to invade your privacy, we are doing this to assist you in growing your network. We don’t share this information with anyone else and is particular to your account only.’ This case is of particular interest to me, since I have been trying to get a response from Facebook for some time over exactly the same issue – that people I have only ever connected with via Gmail and never even looked up on Facebook have begun appearing as friend recommendations. At a technical level this kind of cross-site cross-pollination is quite achievable with the technical resources available to the major players concerned – supercookies, canvas fingerprinting, and global cookies acting as cross-site intermediaries all offer the possibility of breaking through a website’s sandbox. But since both Gmail and LinkedIn use secure (https) protocols universally, it would be interesting to know the mechanics of this particular type of data heist. And it is hard to see how cookie-style data could deliver a complete contact list without a dedicated API to facilitate it. It is worth noting that ‘auto-authorization’ is surely a contradiction in terms..? Article source
  24. Is this a genuine scan Michelle Obama’s passport that has been published on the internet? DC Leaks, a site which has made the headlines in recent months by publishing the leaked email archives of high profile figures including billionaire George Soros and former US Secretary of State Colin Powell, has seemingly struck gold again – compromising the personal Gmail account of part-time White House worker Ian Mellul. Why should that make headlines? Well, Mellul has been actively working on Hillary Clinton’s campaign to be the next US President, and has organised travel and events for – amongst others – First Lady Michelle Obama and Vice President Joseph Biden. In one of the leaked emails there are 24 photographs of passports, including what appears to be Michelle Obama’s passport, revealing her passport number, date of birth and other information. Now, because Mrs Obama is such a high profile figure it’s not as though it’s any mystery what her date and place of birth is… but it’s a vivid depiction of just how much harm could be caused if a hacker breaks into an email account. Other documents released by DC Leaks show PowerPoint presentations outlining past trips by the Vice President, describing his planned route, who he will be meeting, and details of who we will be travelling with. The big question on my mind is why is such potentially sensitive information about VIPs being glibly emailed via a free webmail service like Gmail? You would like to think that anyone working in close proximity to the First Lady, the Vice President, and the potential next President of the United States, would be instructed to only use secure communications under the control of the White House’s IT security team, encrypt sensitive conversations, and have their accounts hardened with technology such as two-step verification. Quite how this Gmail account was hacked is currently a mystery, but it wouldn’t be a huge shock if it was determined that its owner was duped by a phishing email or made the classic mistake of reusing a password that they use elsewhere on the net. Users of Gmail – whether working for the White House or not – should enable two-step verification and check that their accounts are not forwarding messages to another account without approval. It is also sensible to check that your Gmail account has not been set up to delegate access for someone else to read your emails on your behalf. But really, when it comes down to it, your IT department probably wouldn’t be happy seeing you using your personal Gmail account for work. Some have speculated that DC Leaks might have links to Russian intelligence agencies, but as yet we seem to be no closer to confidently identifying who is taking such an interest in emails sent by White House staff. Source: https://www.hotforsecurity.com/blog/hackers-hit-white-house-staffers-gmail-account-raises-security-concerns-by-leaking-sensitive-emails-16732.html
  25. Fix Thunderbird Won’t Let You Sign In To Gmail Find out what you can do if Thunderbird displays a Google sign in popup but won't sign you in to the account because of blocked cookies. As you may know, I use Thunderbid as may main desktop email program. I use it with various email providers, including Gmail. Everything worked fine up until this morning. I received mails to the Gmail account and was able to browse mails and compose them as well. About an hour ago I started to get a popup informing me that I had to sign in to the Google account again. The dialog did display the URL the request came from, it was a Google URL, so I knew it was legitimate. Also, checking to see if I could still access Gmail content in Thunderbird, I noticed that I could not. I entered the Gmail email address and password, and was redirected to a "cookies disabled" page instead of the second verification step of two-factor authentication. I tried again and same result. That was quite puzzling as I did not make any changes to Thunderbird. When I checked the cookies setting in the email client, I noticed that cookies were disabled. That was the reason for me not being able to sign in and authorize the Gmail account for use in Thunderbird. Note: While I experienced this with Gmail, you may experience it with other email services that rely on cookies for authentication. Here is how I fixed the issue: Open the Thunderbird email client. Select Tools > Options > Privacy. Check whether "Accept cookies from sites" is enabled, or if the mail server is listed as an exception. The accept cookies from sites preference was disabled in Thunderbird. I did not do it, and I'm not sure how it reset itself on its own. Anyway, I enabled the option again, and made sure that third-party cookies are not allowed. I entered the Google account information again and it worked this time. Got the second authorization step and regained full access to the Gmail account in Thunderbird. The same method works for any other email account, and also for calendar syncing. If you have added Google Calendar to Thunderbird for instance, you may run into the same issue. You may also use the same fix to correct the issue. Source
×