TNW Creations, LLC. Multimedia Publishing

Web Design & Development

Austin, Texas

What is ˆf_bisa and Is It safe?

On 8/8/2021 one lone report of an email tag suddenly appearing in Gmail surfaced in Japan. On 8/11/2021, this information hit my desk and I began investigating.

 

At this time, only a handful of (12) users were experiencing (or noticing) this issue. This is a relatively small number considering the global source and the multitude of GMail members. Reports from France, Lithuania, Poland and United States joined the initial report in Japan.

Is it a Google Glitch?

This isn't TNW Creations' first investigative report on Google glitches.

 

On December 11, 2020 - I began noting issues with Google services and server errors arising that culminated with a complete disruption of multiple cloud services across Google on December 14, 2020.

 

On July 21, 2021 - I reported to Google a date coding error that basically had us all feeling a little spaced out and futuristic. We did appreciate the nod from Google agreeing with my obvious "Immortal" status. But this tag, ˆf_bisa has me feeling a little more concerned and my cyber security senses are tingling...

 

 

What We Know

The tag, "ˆf_bisa" is created automatically when a draft is saved during a reply to an unknown email address. It's not due to a browser extension or isolated to a particular browser or device. At this point, we've seen this instance occuring across devices, OS and browsers. Windows 10, Firefox, Chrome, Gmail iOS app, Gmail Android App.

 

This could it be an innocent GMail platform glitch or the result of an embedded script in the original email. After close inspection of the original email, I believe the culprit could be a third-party email signature. Most email signatures are created using a third-party online account. These signatures are hosted in the user's account and connected to their email through a cloud based script. In the event of a compromised signature script, this would result in script issues from the emails these signatures are embedded in.

Initial report, Japan

https://support.google.com/mail/thread/120451362/ラベルを削除しても自動的に同じラベルが生成されてしまう?hl=ja&msgid=120451362

A Security Risk?

Yes. Any bizarre or unexpected code that implements itself can be a sign of something disturbing in cyber security. In general, we don't want scripts triggering changes to our accounts without our permission or control. TNW Creations works in web development, SEO and Cyber Security. We love to wield our security stick and recently uncovered a malicious website ring over Mother's Day weekend. In the realm of all things good and Holy vs evil and pernicious... we prefer good and Holy.


For this new unexpected auto created tag that one Gmail user from Japan described as, "creepy" - TNW Creations is on the forefront as usual using our keen observations and security analysis.


First Sighting, Japan 8/8/2021:

https://support.google.com/mail/thread/120451362/ラベルを削除しても自動的に同じラベルが生成されてしまう?hl=ja&msgid=120451362



As of 8:20PM CDT on 8/11/2021 - there are now nearly 100 reports and three additional threads.
https://support.google.com/mail/thread/120824491/gmail-making-a-label-by-itself-how-to-stop?hl=en


https://support.google.com/mail/thread/120772882/strange-label-keeps-appearing?hl=en


https://support.google.com/mail/thread/120756335/in-my-gmail-one-lable-with-a-name-f-bisa-created-automatically-if-i-deleted-that-lable-again-it-wi


We think we found the source

After multiple tests - I found two commonalities in the effected emails. Microsoft Outlook and a third-party read receipt tool called, "Sidekick."

I believe the cause of ^f_bisa is from the third party read receipt script by sidekick.  Whether the sidekick script is glitching or whether it has been compromised is up to someone else to discover. I think we've started you off in the right direction. Watch our YouTube video to see how the tag appears during an automatic save while responding to an email that contains the Sidekick script.

How to Stop the Auto Created Label ^f_bisa

sidekickopen45.com is an email read receipt used in email signatures. Many HubSpot users implement this service. It's best to stop using Sidekick for now (if you personally use it) and contact Sidekick about the issue. Or we have found archiving the email (if you are the recipient) from the senders who are using Sidekick and starting a fresh email to the sender solves this issue.


As a last resort, *IF* you can't find the email(s) causing the issue - you can temporarily blacklist the domain, however we don't recommend this route as it could result in missed emails from legitimate contacts who utilize this business tool.

 

To block the domain, use your Gmail filters: 
Quick Settings > See All Settings > Filters and Blocked Addresses > Create a new filter

Sharing this article with anyone who is using Sidekick might also be helpful. When we know more about the cause of this issue, we'll update this article.

Did this article help you? Please share so you can help others! Thank you!

TNW Creations is a Web Development & Media Publishing Agency in Austin, Texas. Web Development, cyber security, web design, clean energy web host, Advanced SEO, Digital Marketing and more since 1995.

I've been programming, designing, writing and publishing professionally online since 1995. I've worn many hats throughout my life, but the common core of my career has always been media. Besides the portfolio you see on TNW Creations, my internet presence has been substantial for over 2 decades. In 1995, while still in college, I founded TNW Creations and became part of the grassroots development for teaching the Lakhota language online. By 2004, my bilingual work was listed on many sites, including National Geographic , Encarta and Touchstone Pictures Hidalgo. When I'm not designing, developing and writing, you'll find me managing MagicStoryLand.Com, creating kid-friendly game & video content, posting salty articles about cyber threats, leading Girl Scouts, moderating UnifyLife.Org and enjoying my  community, church & family.