San Francisco: Gmail users have been alerted about a new Google Mail feature which could be leveraged by online crooks to carry out a wave of scams, media reported.
The company, in April, unveiled its brand new design which introduced a clean new user interface and a swathe of new features including the ability to snooze a message, auto-generate smart replies and self-destruct emails in the brand new "Confidential Mode".
"It's the Confidential Mode which is at the centre of security fears," Express.co.uk reported on Saturday.
The Department of Homeland Security (DHS) reportedly issued an alert on the "potential emerging threat... for nefarious activity" with the Gmail redesign, the report said.
"We have reached out to Google to inform them of intelligence relevant to their services and to partner to improve our mutual interests in cyber security," Lesley Fulop, DHS spokesperson said.
Central to these fears was the new "Confidential Email" feature that can require users to click a link in order to access these messages.
If you're a Gmail user using the official Google Mail website then the "Confidential Email" appears when you click to open it. It shows a date for when the content will expire and informs the users that the email can't be forwarded or downloaded.
However, its different if you're a Gmail user viewing the message as a third-party client or a non-Gmail user who receives a confidential email.
In those cases, instead of the message appearing in their browser, users have to click a button to view the email. And this is where the security fears lie.
With the Gmail redesign, scammers could send out fake versions of confidential email alerts and trick a user into entering sensitive details.
"The tech giant is committed to protecting the security of users' personal information and hence, had created "machine learning" algorithms to detect potential phishing scams that cyber criminals carry out," said Google spokesman Brooks Hocog.
Phishing scams are where cyber criminals try to trick victims into clicking on seemingly trustworthy links in order to steal sensitive personal information.