Gmail’s Treatment of Dots in Users’ Accounts could Mean Beneficial to Phishers
An expert recently found that the way Gmail handled e-mail was a door to one useful phishing vector for targeting users of Netflix.
The expert, James Fisher just this weekend explained how he got one genuine e-mail that Netflix sent to his e-mail address firstname.lastname@example.org when Google mail stepped in and sent to his other address that didn't have a dot. Such a dotless account reportedly with Netflix can result in getting scammed. Although genuine and really coming from Netflix.com, the e-mail did not cause any worry. However, Fisher soon realized that when the account cited a payment card number, the latter was not really his. Thereafter, he realized even the e-mail was not for him, but had come to him because of the existence of certain dots which Gmail didn't recognize. Gizmodo.co.uk posted this, April 10, 2018.
Fisher noticed the e-mail which updated his so-called payment details arrived from some other account such as Netflix; however, as Gmail isn't concerned about the 'dots' he even so got the e-mail.
The incident prompted Fisher to frame a theory that scamsters were in a position to distribute bulk e-mails carrying a link to a fake login page of Netflix till they discovered one Gmail id of their target which they would spoof while put a dot within an incorrect place. This would help the phishers create one fresh account while wait till the time Netflix proposed "valid card check." Subsequently, one e-mail soliciting up-to-date details would get dispatched into one genuine Gmail id of the Netflix customer. And suppose Google mail didn't recognize the out of position dots within its user's e-mail id, it would think nothing was wrong and proceed to update the card payment particulars signing them as valid.
This done, the phishers would then alter the e-mail id of the target's account with Netflix thus not let the victim access it yet keep intact the payment particulars, resulting in availing Netflix for free.
Netflix users are advised visiting netflix.com/security regarding ways for remaining safe from frauds while necessarily reporting to Customer Service instantly should they doubt any tampering of their accounts.
» SPAMfighter News - 4/17/2018
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!