Scammer groups are exploiting Gmail 'dot accounts' for online fraud

Discuss whatever you want here--both QB and non-QB related. Anything from the DEF INT command to the meaning of life!

Moderators: Pete, Mods

Post Reply
User avatar
burger2227
Veteran
Posts: 2324
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Scammer groups are exploiting Gmail 'dot accounts' for online fraud

Post by burger2227 » Thu Feb 07, 2019 7:39 am

Scammer groups are exploiting Gmail 'dot accounts' for online fraud
For example, Google considers john.doe@gmail.com, jo.hn.doe@gmail.com, and johndoe@gmail.com as the same Gmail address.

Regular users have been using this feature for years to register free trial accounts at online services using the same email address, but spelled out in different ways.

More recently, a scammer group learned to use dotted Gmail accounts to trick Netflix account owners into adding card details to scammers' accounts -- registered with the user's dotted Gmail address.

But besides the dot character, Gmail also has two other features that scammers could potentially similarly abuse in the future.

The first is the plus sign. For example, a Gmail address like username+randomword@gmail.com will always redirect emails back to username@gmail.com.

The second is the legacy @googlemail.com domain. All emails addressed to username@googlemail.com will always arrive at username@gmail.com
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

Post Reply