. home.aspx



Scammers Use Gmail “Dot Account” Feature to Scale Fraud

February 07, 2019 / Michael Hill

Cyber-criminals are taking advantage of a little-known feature in Gmail to escalate their scam operations more efficiently, according to new research from Agari. The email security vendor claimed in a blog post that the problem stems from what it describes as “dot accounts.” This relates to a decision by Google to allow Gmail users to own “all dotted versions” of their address. In the example given by Agari senior threat researcher, Ronnie Tokazowski, if a user registers a domain as ‘badguy007[at]gmail.com’ they could then use multiple versions of that same address, placing the dot in different places before the @, such as ‘b.a.d.g.u.y.007[at]gmail.com’ and ‘bad.guy.007[at]gmail.com’ and ‘ba.dg.uy.007[at]gmail.com.’ “While all dot variants of a Gmail account direct all email to the same inbox, a vast majority of the rest of the internet treats each variant as a distinctly separate email address, associated wi...