Thursday, January 21, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Scammer groups are exploiting Gmail ‘dot accounts’ for online fraud

February 6, 2019
in Internet Security
Scammer groups are exploiting Gmail ‘dot accounts’ for online fraud
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Agari // Composition: ZDNet

Cyber-criminal groups are exploiting a Gmail feature to file for fraudulent unemployment benefits, file fake tax returns, and bypass trial periods for online services.

The trick is an old one and has been used in the past. It refers to Gmail’s “dot accounts,” a feature of Gmail addresses that ignores dot characters inside Gmail usernames, regardless of their placement.

You might also like

Best antivirus software in 2021

NSA urges system administrators to replace obsolete TLS protocols

Microsoft: How ‘zero trust’ can protect against sophisticated hacking attacks

For example, Google considers john.doe@gmail.com, jo.hn.doe@gmail.com, and johndoe@gmail.com as the same Gmail address.

Regular users have been using this feature for years to to register free trial accounts at online services using the same email address, but spelled out in different ways.

More recently, a scammer group learned to use dotted Gmail accounts to trick Netflix account owners into adding card details to scammers’ accounts –registered with the user’s dotted Gmail address.

The legitimate “update your card details” Netflix email would arrive in the real user’s inbox, who’d later update the scammer’s account without knowing.

The reason why this trick works is because “dotted” Gmail address alternatives are a pure-Gmail feature, not found with many online email providers. Online websites like Netflix, Amazon,eBay, and government portals, treat each dotted email address as a different account, which provides a breeding ground for all sorts of problems.

In a report published today, the team at email security firm Agari says it saw criminal groups use dotted Gmail addresses in many more places all last year.

In an example included in their report, Agari said it saw one group in particular use 56 “dotted” variations of a Gmail address to:

  • Submit 48 credit card applications at four US-based financial institutions, resulting in the approval of at least $65,000 in fraudulent credit
  • Register for 14 trial accounts with a commercial sales leads service to collect targeting data for BEC attacks
  • File 13 fraudulent tax returns with an online tax filing service
  • Submit 12 change of address requests with the US Postal Service
  • Submit 11 fraudulent Social Security benefit applications
  • Apply for unemployment benefits under nine identities in a large US state
  • Submit applications for FEMA disaster assistance under three identities

“We’ve seen multiple groups use the technique, but the article is just an example from one of those groups,” Crane Hassold, Senior Director of Threat Research at Agari told ZDNet today.

“In essence, this allows cybercriminals to centralize their fraudulent activity within a single Gmail account, rather than having to monitor a bunch of different accounts, increasing the efficiency of their operations,” Hassold said.

Gmail address “features” are ripe for abuse

But besides the dot character, Gmail also has two other features that scammers could potentially similarly abuse in the future.

The first is the plus sign. For example, a Gmail address like username+randomword@gmail.com will always redirect emails back to username@gmail.com.

The second is the legacy @googlemail.com domain. All emails addressed to username@googlemail.com will always arrive at username@gmail.com.

Hassold told ZDNet that none of these two additional techniques have been spotted in the wild, just yet. However, they are just as efficient as the “dotted” Gmail addresses and could provide scammers with even more alternative email addresses they could use for abuse, fraud, or to gain access to unwarranted benefits.

More security coverage:

Credit: Source link

Previous Post

Flaws in Popular RDP Clients Allow Malicious Servers to Reverse Hack PCs

Next Post

5 Ways that Artificial Intelligence will impact HR and Recruitment

Related Posts

Best antivirus software in 2021
Internet Security

Best antivirus software in 2021

January 21, 2021
NSA urges system administrators to replace obsolete TLS protocols
Internet Security

NSA urges system administrators to replace obsolete TLS protocols

January 21, 2021
Microsoft: How ‘zero trust’ can protect against sophisticated hacking attacks
Internet Security

Microsoft: How ‘zero trust’ can protect against sophisticated hacking attacks

January 21, 2021
Willyama’s role in helping Indigenous Australians secure a career in cybersecurity
Internet Security

Google: These new password protection features are coming to Chrome

January 20, 2021
A Chinese hacking group is stealing airline passenger details
Internet Security

A Chinese hacking group is stealing airline passenger details

January 20, 2021
Next Post
5 Ways that Artificial Intelligence will impact HR and Recruitment

5 Ways that Artificial Intelligence will impact HR and Recruitment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Skyrim modders have a new machine learning tool that turns text to realistic NPC speech
Machine Learning

Skyrim modders have a new machine learning tool that turns text to realistic NPC speech

January 21, 2021
6 Major AI Use Cases In IT Operations | by Gina Shaw | Jan, 2021
Neural Networks

6 Major AI Use Cases In IT Operations | by Gina Shaw | Jan, 2021

January 21, 2021
Agile Marketing: 3 Tips for a Post-Pandemic Economy
Marketing Technology

Agile Marketing: 3 Tips for a Post-Pandemic Economy

January 21, 2021
Best antivirus software in 2021
Internet Security

Best antivirus software in 2021

January 21, 2021
The 37 Best Machine Learning Courses on Udemy to Consider
Machine Learning

The 37 Best Machine Learning Courses on Udemy to Consider

January 21, 2021
Classifying employees as likely-to-quit using Tensorflow, Pandas & IBM attrition dataset | by Timilsinasandesh | Jan, 2021
Neural Networks

Classifying employees as likely-to-quit using Tensorflow, Pandas & IBM attrition dataset | by Timilsinasandesh | Jan, 2021

January 21, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Skyrim modders have a new machine learning tool that turns text to realistic NPC speech January 21, 2021
  • 6 Major AI Use Cases In IT Operations | by Gina Shaw | Jan, 2021 January 21, 2021
  • Agile Marketing: 3 Tips for a Post-Pandemic Economy January 21, 2021
  • Best antivirus software in 2021 January 21, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates