Google’s Own Email Filters Flag Google’s Party Invite as Malicious

A cybersecurity reporter says his own Google-provided email app flagged an email about a Google party because it included content “typically used to steal personal information.”

|
Dec 12 2018, 6:48pm

Google CEO Sundar Pichai rubs hands on stage at the Google 2014 I/O Conference.

On Tuesday, Google’s CEO Sundar Pichai finally appeared for the first time in front of American lawmakers.

The elected officials on the House Judiciary Committee asked him about why googling “idiot” turns up pictures of Donald Trump (SEO), and inquired about the company’s controversial project to launch in China (It’s called DragonFly and Google’s own employees are protesting it.)

Hours later, the multibillion company celebrated its 20th anniversary at a party in Washington D.C. called “20 Years of Big Moments.” (It’s unclear whether Pichai told the lawmakers who showed off some of their iPhones about the fact that some Android phones also get regular security updates now).

In a rather unfortunate turn of events, at least one invitee had trouble getting to the party because of Google’s technology. Wall Street Journal’s reporter Dustin Volz joked on Twitter that he couldn’t get in “because Google flags its own invite email as malware.”

Indeed, his phone’s app showed him a somewhat ominous alert, which Volz shared with Motherboard.

google-birthday-party-dc-email
A screenshot of the alert.

We reached out to Google and will update this piece with their comment if we hear back.

Full disclosure: I was not invited to the party but I have seen this warning before. And it’s generally a good thing: you want Google—or your email provider of choice—to filter email for you. Otherwise you’d spent all day going through your spam-infested inbox.

Out of curiosity and in an attempt to find out more about it, I Googled the warning Volz received: “be careful with this message. It contains content that's typically used to steal personal information." The third result, which is also the only one in the first page of results that’s hosted on an official Gmail Help Forum, links to a question from 2014 where people discuss this warning showing up on legitimate emails.

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzo@motherboard.tv

As anyone with an email account can attest, spam is a big problem on the internet. As someone who gets calls every week from people who think I work at Google, the company could probably do a better job documenting some of these warnings and assisting its users.

To its credit, Google has done a lot of tireless work over the years to fight against spam and dangerous hackers. That’s one of the reasons why many companies and humans use Gmail. In the Motherboard Guide To Not Getting Hacked, we advise people that having a Gmail (or Microsoft) hosted email account is probably better than hosting your own email, or trusting another company with a smaller security team.

But that’s another story about threat modeling. Luckily, Volz told me this warning did not actually stop him from getting into the party.

Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.