Although it has been seen previously, scammers are again using dot accounts for their fraud efforts. They take advantage of the feature within Gmail that does not recognize dot characters placed within the Gmail domains. This means john[.]smith[at]gmail.com, joh[.]n[.]smith[at]gmail.com, and johnsmith[at]gmail.com would all be viewed as the same account. Activities such as filing for unemployment benefits, tax returns, and bypassing trials for online services. In one documented instance of this, a scammer sent 22 different applications into a financial institution and successfully opened $65,000 dollars’ worth of fraudulent credit accounts. Another campaign saw scammers taking advantage of the fact that Netflix does not recognize this dot feature. When legitimate owners of Netflix accounts received a notice to update their payment information, they were unintentionally crediting scammers accounts. Researchers stated, “In each case, the scammers created multiple accounts on each website within a short period of time, modifying the placement of periods in the email address for each account. Each of these accounts is associated with a different stolen identity, but all email from these services are received by the same Gmail account.” This makes it easier for scammers to continue these efforts since they are focused around a small amount of emails.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased