Sending cash via Gmail: an invitation to scammers?

Am I the only one to have a small nagging doubt about Google’s announcement that they now allow Gmail users to send money to each other? Given the commentary that I have read so far, it seems like I am. Perhaps it’s my grumpy frame of mind but maybe it’s because I am wary of anything that might open the floodgates of spam by introducing a new attack vector for spammers to prey upon the unwary.

The first thing to say is that sending money via email is not new. After all, companies have been using a form of email-enabled communication called EDI since 1996 or thereabouts. Of course, EDI is not based on messages exchanged between individuals. Instead, it is a mechanism that uses highly structured messages between companies. However, EDI documents are addressed and can be sent by email, so a comparison is, I think, valid. And wire transfers between individuals could also be considered in the same vein as they are also highly structured documents that are routed to beneficiaries based on addresses (bank account and routing numbers).

The big difference in this announcement lies in the sheer size of the Gmail installed based and the integration with Google Wallet. Even if you strip out all the “disposable” Gmail accounts used for different purposes (including spam), the number of people who use Gmail regularly is in the hundreds of millions. After Google rolls out the new feature worldwide (it is only available to U.S. residents initially and only if they are 18 years or older), that’s a lot of people who could send money to each other. And there’s goodness there as being able to send a family member or close acquaintance some money along with an email seems like a very nice feature.

The integration with Google Wallet is both an example of how Google is leveraging the different parts of their portfolio to gain synergy and a protection to users. Before you can send money from your Google Wallet, you need to provide Google with a credit card that presumably acts as some form of barrier to those who would seek to use Google Wallet for nefarious purposes. I originally added a credit card to my Google Wallet when I lived in the U.S. and can’t recall having to provide too much information in terms of proving my identity except the credit card data and an address. Perhaps Google performs some form of identity checking behind the scenes to validate the information but I certainly was unaware of this. It will be interesting to see how Google copes with European money laundering legislation here as it does not take much imagination to see how criminals might use cash transfer via email to move funds around, even if they will be restricted to transferring $50,000 per five-day period.

But you don’t need Google Wallet to send or receive money via Gmail as Google will allow you to send money via a credit or debit card (extracting a 2.9% fee per transaction). Not much detail is yet available as to how a recipient who does not have Gmail can access funds. Perhaps they will have to provide some bank details or, in some under-banked parts of the world, be directed to a traditional funds transfer agency such as a Western Union office.

The ability to send money to someone who is unknown (except as an email address) is where I see problems lurking. There are already plenty of examples where email is used to coax the unwary (or the stupid, depending on your perspective) to send money, the most famous being the “Nigerian 419 scam”. Today, it takes time and effort for the scammer to hook their victim, reel them in, and convince the victim to send funds via a traditional method. Will this new feature make it easier for a scammer to score? It just might…

The people who work at Google are very smart indeed. I am sure that they will do their very utmost to incorporate some intelligence to prevent their work delivering a bonanza to scammers. At least, I hope that they do!

Follow Tony @12Knocksinna


About Tony Redmond

Lead author for the Office 365 for IT Pros eBook and writer about all aspects of the Office 365 ecosystem.
This entry was posted in Email and tagged , , , . Bookmark the permalink.

1 Response to Sending cash via Gmail: an invitation to scammers?

  1. Reader says:

    Use 2 step verification.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.