gmail warns about encrypted PDF file

I recently received a PDF file that, when attached to a gmail message, causes a warning to be displayed as follows:

Encrypted attachment warning – Be careful with this attachment. This message contains 1 encrypted attachment that can’t be scanned for malicious content. Avoid downloading it unless you know the sender and are confident that this email is legitimate.

However, I am able to open the file without getting prompted for a password. I followed the advice given in this security stack exchange question and used the pdfid.py program whereupon I got the below output:

$   pdfid.py ~/Downloads/filename.pdf PDFiD 0.2.7 /home/username/Downloads/filename.pdf PDF Header: %PDF-1.6 obj                  402   endobj               402  stream               401   endstream            401 xref                   0 trailer                0 startxref              1 /Page                  0 /Encrypt               1 /ObjStm               15 /JS                    0 /JavaScript            0 /AA                    0 /OpenAction            1 /AcroForm              1 /JBIG2Decode           0 /RichMedia             0 /Launch                0 /EmbeddedFile          0 /XFA                   0 /Colors > 2^24         0 

It would seem to me that since this file contains no JavaScript it is safe to open and handle. But I am puzzled by the encrypted message that Gmail displays. I guess it is related to the /Encrypt flag that’s set on the above output.

Why is Gmail telling me that the file is encrypted even though I can open it without being prompted for a password and would that, on its own, be reason for concern?

10 ~ 100 GMAIL FOR SELL ONLY $3

If you have difficulty paying please contact me. I’ll help you

Account Type: Normal Gmail Account

(ID and Pa**sword will be given)

10 Gmail Accounts = $ 3

20 gmail accounts = $ 5

50 Gmail Accounts = $ 12

100 gmail accounts = $ 22

If you have any query
Message me on here or leave a comment
OR
# Skype: absiddik56
# whatsapp: +8801731527736
# Email : mirjewel24@gmail.com
# FB Messenger: m.me/abubakarsiddik318
# Discord : absiddik#1238
# telegram : absiddik

Spam issue regarding security on gmail app

I have been getting a ton of spam email, so I looked at one of them. I did not click anything, or download anything. However there was a spammy image with option to click on (as they always do).

Would this infect my device or the app (gmail app)? I am using an android phone. All I did was look at a spam email.

As checks, I ran the play protect from the play store. In addition, I have run several malware detection apps: Malwarebytes,Bitdefender etc. I have also looked at the installed apps and used safe mode just in case. Nothing has turned up, all of these steps show no infections.

My questions: a) is there any other check I should do? b) does just looking at an email cause an infection on the gmail app on android?

Suspicious hop on gmail

I received a suspicious message today from a friend of mine’s inbox, I suspect it’s been compromised.

I analyzed the header and obviously coming from the mail server gmail has all the authentication parameters configured (SPF,DKIM,DMARC) and correctly passed.

I’m suspicious of the first hop that the mail performs on an IPV6 with HTTP protocol

msgHeaderHop

Is it considered a regular activity?

Gmail shows my photo after I enter my emaill address (but before my password)

If I have a profile photo associated with a Google account, then when I enter my email address into GMail, but before I enter my password, the photo is shown.

Is there a possible security breach there? For instance, if someone guesses at an email address, perhaps after obtaining part of it, the photo appearing confirms ownership, without that someone needing to know my password.

I know not to associate a picture with my account, others may not; but let’s discuss Google’s side of things, not the account holder’s.

If I send a plaintext e-mail using Gmail to somebody, including my PGP public key block, is that secure?

I’ve been trying to figure out “practical encryption” (AKA “PGP”) for many years. As far as I can tell, this is not fundamentally flawed:

  1. I know Joe’s e-mail address: cool_joe@gmail.com.
  2. I have a Gmail e-mail address: me_78@gmail.com.
  3. I have GPG installed on my PC.
  4. I send a new e-mail to Joe consisting of the “PGP PUBLIC KEY BLOCK” extracted from GPG.
  5. Joe received it and can now encrypt a text using that “PGP PUBLIC KEY BLOCK” of mine, reply to my e-mail, and I can then decrypt it and read his message. Inside this message, Joe has included his own such PGP public key block.
  6. I use Joe’s PGP public key block to reply to his message, and from this point on, we only send the actual messages (no key) encrypted with each other’s keys, which we have stored on our PCs.

Is there anything fundamentally wrong/insecure about this? Some concerns:

  1. By simply operating the e-mail service, Google knows my public key (but not Joe’s, since that is embedded inside the encrypted blob). This doesn’t actually matter, though, does it? They can’t do anything with my public key? The only thing it can be used for is to encrypt text one-way which only I can decrypt, because only I have the private key on my computer?
  2. If they decide to manipulate my initial e-mail message, changing the key I sent to Joe, then Joe’s reply will be unreadable by me, since it’s no longer encrypted using my public key, but Google’s intercepted key. That means Joe and I won’t be having any conversation beyond that initial e-mail from me and the first reply by him (which Google can read), but after that, nothing happens since I can’t read/decrypt his reply?

Gmail Email id, dot(.) recognition [closed]

I keep on receiving email which is intend to be received by a gmail id similar to be mine, with no dots(.) in gmail id of other party. For example : my email id is john.grisham@gmail.com the inbox of above email ids, get emails intended to be received by johngrisham@gmail.com

Question 1: The other party will also be receiving my emails ? Question 2: How can i get rid of this problem?

Is Gmail Undo pattern enough for bulk mailing? What are the better alternatives?

We are in the early process of creating a mail client that would send out email campaigns to thousands of users (Mailchimp would be a similar product to compare) There are ideas and opinions, and one of them is adding an undo options to the mailing.

The owner of this approach convinced that this would raise the confidence level of the users, I’m defending an opposing idea which is adding an extra step that would review the mail content and recipients and ask for final approval.

While my solution adding extra friction to the flow, it also adds a higher level of confidence to the user’s activities.

Now everything above is assumptions and we will test these with users but I would like to hear more about the subject, especially the personal opinions.

I use Gmail every day and personally seeing that undo functionality adding more stress in my life. It happened once or twice that I undo the email and edited a few details, but if I couldn’t it wouldn’t be a disaster either.

On the other hand, I think, when a user sends a bulk mail, the user needs a better understanding of what are she/she about to do.

What are your thoughts? Are there other alternatives?

PS: I read already this question about the same functionality, while I understand the assumptions here I would like to hear more.