Cybercriminals Exploit Gmail Feature to Scale Up Attacks

Security vendor Agari announced in February that attackers are taking advantage of a long-standing Gmail feature to create multiple accounts rapidly. Google believes that "dots don't matter" and therefore treats certain variations of an email address as the same. For example, Johndoe@gmail.com is treated the same as john.doe@gmail.com and jo.hn.do.e@gmail.com, and johndoe@gmail.com will receive the correspondence sent to any of the variations. Attackers have used this trick to submit 48 credit card applications and conduct $65,000 in fraudulent credit charges. It has also been used to file tax returns, submit a change of address, apply for unemployment, and apply for FEMA disaster assistance. Organizations are urged to watch for the rapid creation of accounts that contain dots (.) in the username to help mitigate this threat.

Relevant URL(s): https://www.darkreading.com/attacks-breaches/cybercriminals-exploit-gmail-feature-to-scale-up-attacks-/d/d-id/1333800
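
One way to implement the monitoring recommended above, as an added example that is not from Agari, Google or the referenced article: it collapses each Gmail address to the mailbox that receives its mail and flags mailboxes for which several dot variants were registered within a short window. The function names, the 24-hour window, the threshold of 3 and the sample sign-ups are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: only gmail.com is handled as dot-insensitive, as the brief describes.
DOT_INSENSITIVE_DOMAINS = {"gmail.com"}

def canonical_mailbox(address):
    """Collapse an address to the mailbox that actually receives its mail."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    local, domain = local.lower(), domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")  # "dots don't matter" for these domains
    return f"{local}@{domain}"

def flag_dot_variant_bursts(signups, window=timedelta(hours=24), threshold=3):
    """Map each canonical mailbox to the variants registered for it, keeping only
    mailboxes with >= threshold distinct variants inside one sliding window."""
    by_mailbox = defaultdict(list)
    for ts, address in signups:
        by_mailbox[canonical_mailbox(address)].append((ts, address.strip().lower()))
    flagged = defaultdict(set)
    for mailbox, events in by_mailbox.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            variants = {addr for _, addr in events[start:end + 1]}
            if len(variants) >= threshold:
                flagged[mailbox] |= variants
    return {mailbox: sorted(v) for mailbox, v in flagged.items()}

# Constructed sample sign-up log: (timestamp, address as submitted).
T0 = datetime(2019, 2, 1, 9, 0)
SAMPLE_SIGNUPS = [
    (T0, "john.doe@gmail.com"),
    (T0 + timedelta(minutes=5), "jo.hn.do.e@gmail.com"),
    (T0 + timedelta(minutes=9), "Johndoe@gmail.com"),
    (T0 + timedelta(minutes=12), "j.ohndoe@gmail.com"),
    (T0 + timedelta(minutes=20), "john.doe@example.org"),
    (T0 + timedelta(days=3), "jane.roe@gmail.com"),
]

if __name__ == "__main__":
    for mailbox, variants in flag_dot_variant_bursts(SAMPLE_SIGNUPS).items():
        print(f"{mailbox}: {len(variants)} variants -> {variants}")
```

Storing the canonical form alongside the submitted address at registration time lets the same comparison run as a uniqueness check instead of a retrospective scan.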