Cybercriminal Exploit Gmail Feature to Scale Up Attacks

Security vendor Agari announced in February that attackers are taking advantage of a long-standing Gmail feature to create multiple accounts rapidly.  Google believes that "dots don't matter" and therefore treats certain variations of an email as the same.  For example, is treated the same as and, but will receive the correspondence sent to the variations.  Attackers have used this trick to submit 48 credit card applications and conduct $65,000 in fraudulent credit charges.  It has also been used to file tax returns; submit a change-of-address; apply for unemployment; and submit for FEMA disaster assistance.  Organizations are urged to watch for the rapid creation of accounts that contain dots(.) in the username to help mitigate this threat.

Relevant URL(s):