Search

Gmail Dot Feature Exploited to Commit Credit Fraud and More: Report

Advertisement
Highlights
  • The Gmail dot feature was misused for availing financial benefits
  • Cybercriminals even filed for fake tax returns
  • It was also exploited for availing certain online services
Gmail Dot Feature Exploited to Commit Credit Fraud and More: Report

The fraudsters have reportedly been exploiting the feature since early 2018

Gmail offers a nifty “dot” feature which redirects all emails to the same account in case users have mistakenly added a dot or a period in the recipient's email address. But cybercriminals are exploiting the same feature to commit crimes such as filing fake tax returns, availing financial benefits from government agencies, extending the trial period of online services, and credit fraud among others. As per a report, the bad actors have been exploiting the feature to commit a diverse array of scams since early 2018.

The Gmail dot feature fraud, that was discovered by security firm Agari and was first reported by Axios, was primarily employed to commit BEC (Business Email Compromise) scams. So, how did this happen? The Gmail dot feature ensures that emails intended for a particular recipient reaches them if the sender accidentally adds (or forgets) a dot or period in the username. For example, if someone intends to send an email to abc@gmail.comand mistakenly sends it to a.bc@gmail.com, the email will be delivered to the intended recipient who owns the correct username, or vice versa - if someone intends to send an email to a.bc@gmail.com, and mistakenly sends it to abc@gmail.com.

Since Gmail is the only major service provider to follow this practice of making these email addresses indistinguishable, service providers continue to treat each dot variant of the email address as a separate one, and indirectly, a different individual. While many of us have used this Gmail 'feature' to register 'different' emails to the same service provider, such as Netflix, it appears 

Gmail dot scam screenshot Gmail Dot Scam

The dot variants of a username used to file fake tax returns
Photo Credit: Agari

This vulnerability makes the process of scaling up a fraud much easier. As per the findings of security experts, a group of cybercriminals exploited the Gmail dot feature to avail around $65,000 (roughly Rs. 46,52,400) in credits from four banking institutions in the US. Moreover, they reportedly registered 14 different trial accounts with commercial services, filed 13 fraudulent tax returns before an online tax filing service and submitted 12 address change requests with the US postal service. Moreover, the feature was also misused to avail financial allowances such as social security benefits as well as disaster assistance and unemployment benefits under different identities.

Cybersecurity experts identified a total of 56 variants of an email address belonging to a single individual but differentiated by the placement of a dot in the username to bamboozle the service providers. And since all the emails intended for a supposedly different user were delivered to the same account, thanks to the Gmail dot feature, it became very easy for the bad actors to manage their fraudulent activities. 

Separately, Crane Hassold, Senior Director of Threat Research at Agari told ZDNet that the Gmail dot feature is only one of several Gmail features that can be used by scammers, such as the plus sign (where username+randomword@gmail.com redirects emails to username@gmail.com), and the legacy googlemail.com domain. While exploits on these features haven't yet been spotted in the wild, Hassold says they are just as efficient as the Gmail dot feature. 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Gmail, Gmail Dot Feature, Cybercrime
 
Show Full Article
Please wait...
Advertisement

Related Stories

Popular Mobile Brands
  1. Redmi 15 Leaked Renders Indicate It Will Arrive in These Colourways
  2. Smartphones Launched in India (July 2025): Check List
  1. Oppo Reno 14FS 5G Price, Design and Specifications Leaked Ahead of Anticipated Debut
  2. Samsung Galaxy A07 Listed on Google Play Console With Design, Key Specifications: Report
  3. Microsoft SharePoint Hack: Probe on Whether Chinese Hackers Found Flaw via Alert
  4. Samsung Reportedly in Talks With OpenAI, Perplexity to Offer Gemini AI Alternatives on Galaxy S26 Series
  5. Redmi 15 Design Renders, Specifications Leaked; Tipped to Arrive in Three Colourways
  6. Google Pixel 10 Pro, Pixel 10 Pro XL Spotted in Moonstone Colourway Alongside Pixel Buds 2a and Pixel Watch 4
  7. Meta Names ChatGPT Co-Creator Shengjia Zhao as Chief Scientist of Superintelligence Lab
  8. Who-Fi: An AI-Powered Wi-Fi Technology That Can Identify and Track Individuals Without Cameras
  9. NASA’s X-59 Moves Closer to First Flight with Advanced Taxi Tests and Augmented Vision
  10. Unusual Plasma Waves Above Jupiter’s North Pole Can Possibly Be Explained
Gadgets 360 is available in
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »