Connect with us

Internet

Gmail Dot Feature Exploited to Commit Credit Fraud and More: Report

Published

on

Gmail offers a nifty “dot” feature which redirects all emails to the same account in case users have mistakenly added a dot or a period in the recipient’s email address. But cybercriminals are exploiting the same feature to commit crimes such as filing fake tax returns, availing financial benefits from government agencies, extending the trial period of online services, and credit fraud among others. As per a report, the bad actors have been exploiting the feature to commit a diverse array of scams since early 2018.

The Gmail dot feature fraud, that was discovered by security firm Agari and was first reported by Axios, was primarily employed to commit BEC (Business Email Compromise) scams. So, how did this happen? The Gmail dot feature ensures that emails intended for a particular recipient reaches them if the sender accidentally adds (or forgets) a dot or period in the username. For example, if someone intends to send an email to abc@gmail.comand mistakenly sends it to a.bc@gmail.com, the email will be delivered to the intended recipient who owns the correct username, or vice versa – if someone intends to send an email to a.bc@gmail.com, and mistakenly sends it to abc@gmail.com.

Since Gmail is the only major service provider to follow this practice of making these email addresses indistinguishable, service providers continue to treat each dot variant of the email address as a separate one, and indirectly, a different individual. While many of us have used this Gmail ‘feature’ to register ‘different’ emails to the same service provider, such as Netflix, it appears 

The dot variants of a username used to file fake tax returns
Photo Credit: Agari

This vulnerability makes the process of scaling up a fraud much easier. As per the findings of security experts, a group of cybercriminals exploited the Gmail dot feature to avail around $65,000 (roughly Rs. 46,52,400) in credits from four banking institutions in the US. Moreover, they reportedly registered 14 different trial accounts with commercial services, filed 13 fraudulent tax returns before an online tax filing service and submitted 12 address change requests with the US postal service. Moreover, the feature was also misused to avail financial allowances such as social security benefits as well as disaster assistance and unemployment benefits under different identities.

Cybersecurity experts identified a total of 56 variants of an email address belonging to a single individual but differentiated by the placement of a dot in the username to bamboozle the service providers. And since all the emails intended for a supposedly different user were delivered to the same account, thanks to the Gmail dot feature, it became very easy for the bad actors to manage their fraudulent activities. 

Separately, Crane Hassold, Senior Director of Threat Research at Agari told ZDNet that the Gmail dot feature is only one of several Gmail features that can be used by scammers, such as the plus sign (where username+randomword@gmail.com redirects emails to username@gmail.com), and the legacy googlemail.com domain. While exploits on these features haven’t yet been spotted in the wild, Hassold says they are just as efficient as the Gmail dot feature. 

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Internet

TCL 8K 6 Series TV pricing is here, and we can’t quite believe it

Published

on

TCL has priced up its 8K TVs, and if you assumed the step up from 4K would break the bank then you might be in for a pleasant surprise. The company announced its 8K 6 Series sets back at CES 2021 in January, but has now bucked the big TV trends by kicking off pricing at just $2,199.99. That gets … Continue reading

Continue Reading

Internet

Samsung Galaxy Z Flip 3 pictures leak all before release date

Published

on

The next major release from Samsung in the foldables department leaked in press images this week. The Samsung Galaxy Z Flip 3, the third iteration of the clamshell foldable smartphone (with foldable display), appeared in imagery that shows the machine front, back, side-to-side, and both open and shut. This is one of at least two smart devices that’ll likely launch … Continue reading

Continue Reading

Internet

Microsoft’s idea for a new Surface Book leaves MacBook Pro looking dull

Published

on

Microsoft’s new Surface could adopt a very different screen hinge design, with newly-spotted patents suggesting the company is flirting with an iPad Pro-style floating hinge. Currently, the Surface Book has a detachable screen – which pulls away from the keyboard to form a standalone tablet – while the Surface Laptop adopts a more traditional notebook form-factor. Then there’s the Surface … Continue reading

Continue Reading

Trending