Scammer groups are exploiting Gmail 'dot accounts' for online fraud

Posted: Thu Feb 07, 2019 7:39 am
by burger2227
For example, Google considers john.doe@gmail.com, jo.hn.doe@gmail.com, and johndoe@gmail.com as the same Gmail address.

Regular users have been using this feature for years to register free trial accounts at online services using the same email address, but spelled out in different ways.

More recently, a scammer group learned to use dotted Gmail accounts to trick Netflix account owners into adding card details to scammers' accounts -- registered with the user's dotted Gmail address.

But besides the dot character, Gmail also has two other features that scammers could potentially similarly abuse in the future.

The first is the plus sign. For example, a Gmail address like username+randomword@gmail.com will always redirect emails back to username@gmail.com.

The second is the legacy @googlemail.com domain. All emails addressed to username@googlemail.com will always arrive at username@gmail.com.
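An added example, not part of the original post: one way a sign-up service could collapse the three variants described above (dots, plus suffix, googlemail.com) to a single mailbox key and flag registrations that share it. The function names and the sample sign-up list are constructed for illustration, and lower-casing the local part is an extra assumption (Gmail ignores case) that the post does not mention.

```python
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_gmail(address: str) -> str:
    """Return the mailbox an address is delivered to.

    Only Gmail domains are rewritten; other providers may treat dots and
    plus signs as significant, so those addresses keep their local part.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain not in GMAIL_DOMAINS:
        return f"{local}@{domain}"
    local = local.lower().split("+", 1)[0]   # drop the +randomword suffix
    local = local.replace(".", "")           # dots are ignored by Gmail
    if not local:
        raise ValueError(f"empty mailbox name: {address!r}")
    return f"{local}@gmail.com"              # fold legacy googlemail.com


def find_alias_collisions(addresses):
    """Map canonical mailbox -> sign-up spellings, keeping only shared ones."""
    groups = {}
    for addr in addresses:
        groups.setdefault(canonical_gmail(addr), []).append(addr)
    return {box: seen for box, seen in groups.items() if len(seen) > 1}


# Constructed sample of addresses used to register separate accounts.
SAMPLE_SIGNUPS = [
    "john.doe@gmail.com",
    "jo.hn.doe@gmail.com",
    "johndoe@gmail.com",
    "J.ohndoe+trial@googlemail.com",
    "username+randomword@gmail.com",
    "username@googlemail.com",
    "alice@example.com",
]

if __name__ == "__main__":
    for mailbox, spellings in find_alias_collisions(SAMPLE_SIGNUPS).items():
        print(f"{mailbox}: {len(spellings)} registrations -> {spellings}")
```

Storing the canonical key next to the address as typed lets a service keep delivering mail to the spelling the user chose while still enforcing one account per mailbox.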