Gmail’s Treatment of Dots in Users’ Accounts could Mean Beneficial to Phishers

An expert recently found that the way Gmail handled e-mail was a door to one useful phishing vector for targeting users of Netflix.

The expert, James Fisher just this weekend explained how he got one genuine e-mail that Netflix sent to his e-mail address james.hfisher@gmail.com when Google mail stepped in and sent to his other address that didn't have a dot. Such a dotless account reportedly with Netflix can result in getting scammed. Although genuine and really coming from Netflix.com, the e-mail did not cause any worry. However, Fisher soon realized that when the account cited a payment card number, the latter was not really his. Thereafter, he realized even the e-mail was not for him, but had come to him because of the existence of certain dots which Gmail didn't recognize. Gizmodo.co.uk posted this, April 10, 2018.

Fisher noticed the e-mail which updated his so-called payment details arrived from some other account such as Netflix; however, as Gmail isn't concerned about the 'dots' he even so got the e-mail.

The incident prompted Fisher to frame a theory that scamsters were in a position to distribute bulk e-mails carrying a link to a fake login page of Netflix till they discovered one Gmail id of their target which they would spoof while put a dot within an incorrect place. This would help the phishers create one fresh account while wait till the time Netflix proposed "valid card check." Subsequently, one e-mail soliciting up-to-date details would get dispatched into one genuine Gmail id of the Netflix customer. And suppose Google mail didn't recognize the out of position dots within its user's e-mail id, it would think nothing was wrong and proceed to update the card payment particulars signing them as valid.

This done, the phishers would then alter the e-mail id of the target's account with Netflix thus not let the victim access it yet keep intact the payment particulars, resulting in availing Netflix for free.

Netflix users are advised visiting netflix.com/security regarding ways for remaining safe from frauds while necessarily reporting to Customer Service instantly should they doubt any tampering of their accounts.

» SPAMfighter News - 4/17/2018