All that glitters is not gold, as Plummer reported that the scammers routed an email through Facebook to a UK IP address, through O365, and to him with an appended verification checkmark. Subsequently, he reported the issue to Google, hoping to get it fixed so less eagle-eyed recipients would not be fooled by the trick. Sadly, though, Google reportedly closed the ticket calling it intended behavior.
Thankfully, after his initial tweet received more exposure, Google looked into the matter a little closer and reopened the bug report with a high priority and severity level.
Regardless of the bug or checkmark system, people should always be wary of all emails and senders. In this case, though the checkmark was there, the email address was not legit looking even though it had UPS in the shown email address, which could also be spoofed. Better to be safe than sorry, folks—don’t put all your trust in Google protecting you from scammers, as mistakes can and certainly do happen.
