A number of cybercriminal groups are taking advantage of an exploit in Gmail to file fake tax returns, claim unemployment benefits and more. The email provider’s “dot account” feature essentially ignores the placement of dots in email addresses. Internet users have used the trick for many years to create trial accounts without making new Gmail IDs.
According to a report by Agari, security researchers identified a scammer group that took advantage of the dot accounts feature to trick Netflix users into adding card details. The issue arises because websites treat addresses with different dot placements as unique, while Gmail delivers them all to the same account. These kinds of scams can only affect Gmail users, as other email providers do not allow the same name to be used with different dot placements.
Crane Hassold, who is the Senior Director of Threat Research at Agari, revealed that a number of groups have been using the technique and “the scammers created multiple accounts on each website within a short period of time, modifying the placement of periods in the email address for each account. Each of these accounts is associated with a different stolen identity, but all email from these services are received by the same Gmail account.”
Over $65,000 in fraudulent credit was approved because of the recent scams, and a number of fake tax returns and benefit claims have been made. It is not just the “dot accounts” technique that scammers can use. The “googlemail.com” domain also redirects emails to the corresponding Gmail accounts. However, there have been no documented instances of scammers using that method so far.
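For a site operator, the defensive counterpart is to compare signups by the mailbox that receives them, covering both the dot placement and the “googlemail.com” alias described above. The Python sketch below is an added example, not code from the Agari report or from this article; the function names, the 24-hour window, the threshold of three and the sample signups are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}  # both deliver to the same Gmail inbox

def canonical_mailbox(address):
    """Map an address to the mailbox that receives it (for comparison only)."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")  # Gmail ignores dot placement
        domain = "gmail.com"
    return f"{local}@{domain}"  # other providers: dots stay significant

def flag_dot_variant_clusters(signups, window=timedelta(hours=24), threshold=3):
    """Return {mailbox: rows} where `threshold` or more distinct spellings of
    one mailbox registered within `window`. Rows are (time, email, identity)."""
    by_mailbox = defaultdict(list)
    for row in signups:
        by_mailbox[canonical_mailbox(row[1])].append(row)
    flagged = {}
    for mailbox, rows in by_mailbox.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            burst = rows[start:end + 1]
            if len({email.lower() for _, email, _ in burst}) >= threshold:
                flagged[mailbox] = burst
                break
    return flagged

# Constructed sample data (not real accounts or identities).
SAMPLE_SIGNUPS = [
    (datetime(2019, 2, 1, 9, 0), "jane.doe.example@gmail.com", "identity-A"),
    (datetime(2019, 2, 1, 9, 7), "janedoe.example@gmail.com", "identity-B"),
    (datetime(2019, 2, 1, 9, 15), "j.anedoeexample@googlemail.com", "identity-C"),
    (datetime(2019, 2, 1, 10, 0), "john.smith@example.org", "identity-D"),
    (datetime(2019, 2, 1, 10, 5), "johnsmith@example.org", "identity-E"),
]

if __name__ == "__main__":
    for mailbox, rows in flag_dot_variant_clusters(SAMPLE_SIGNUPS).items():
        print(mailbox, [email for _, email, _ in rows])
```

The canonical form is meant for duplicate detection and review queues; mail should still be sent to the address exactly as the user entered it.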