Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Scammer groups are exploiting Gmail ‘dot accounts’ for online fraud

ZDNet: “Cyber-criminal groups are exploiting a Gmail feature to file for fraudulent unemployment benefits, file fake tax returns, and bypass trial periods for online services. The trick is an old one and has been used in the past. It refers to Gmail’s “dot accounts,” a feature of Gmail addresses that ignores dot characters inside Gmail usernames, regardless of their placement. For example, Google considers [email protected], [email protected], and [email protected] as the same Gmail address. Regular users have been using this feature for years to register free trial accounts at online services using the same email address, but spelled out in different ways. More recently, a scammer group learned to use dotted Gmail accounts to trick Netflix account owners into adding card details to scammers’ accounts — registered with the user’s dotted Gmail address. The legitimate “update your card details” Netflix email would arrive in the real user’s inbox, who’d later update the scammer’s account without knowing…” [h/t Lea Wade]

Sorry, comments are closed for this post.