Skip to Main Content

Look out for dot.com fraud in your emails

Does that dot or period really matter when it comes to your email addresses? No, but only if you have a Gmail account – and the fraudsters know this.

An interesting feature in Gmail accounts is that the “.” – the dot or the period – in the address does not matter. Send a letter to johndoe@gmail.com or john.doe@gmail – he will get it either way.

However, the dot does matter for other accounts such as Microsoft’s Hotmail/Outlook and a host of online websites such as Amazon, eBay, Netflix, and government portals. Differently dotted email addresses are treated as completely different accounts.

Dot fraud on the loose

Cyber-criminals have used this different dot treatment to launch a variety of fraudulent schemes. Thanks to their creative use of dots, they have been able to launch a variety of bogus credit-card applications, file fraudulent tax returns, and apply for government benefits. They can have a variety of accounts set up where dots do matter – and have all the email responses go back to a single Gmail account. That’s what you call efficiency of dots.

Binge clicking with Netflix – full stop

Dot fraud also impacts consumers. Cyber-criminals have also misused the Gmail feature to fool others into paying for their Netflixs access. As described by James Fisher, the bad guys can find a Gmail address which is already registered, create a similar account name with an extra dot, then sign up for a free trial with a throw-away card number. Then comes the waiting game of cancelling the card, waiting for Netflix to bill the cancelled card – and then having Netflix email the victim asking for their card number.

Unlike a phishing attempt, the potential victim would get a real email from Netflix. And if the user does not notice that the card number is different, they could end up for paying for the bad guy’s binge watching.

Whose fault is it – Gmail? Netflix? Or the gullible user? Either way, you’ve got to cross the “T” — and look out for the “I” — whether it is dotted or not.

This post is also available in: German

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he's known for making a great bowl of popcorn and extraordinary messes in a kitchen.