Cybercriminals are using Gmail "dot accounts" to open fraudulent credit card accounts, file fake tax returns, file for fraudulent unemployment benefits and perform other fraudulent activities, according to email security provider Agari.
Gmail dot accounts refer to the "dotted" versions of a single email address. Google treats every version of a Gmail address, with or without dots, as the same address; for example, all emails sent to john.smith@gmail.com and j.o.h.n.s.m.i.t.h@gmail.com will go directly to the same Gmail account.
Conversely, credit card companies, online services providers and other businesses frequently view each Gmail address as a separate entity. This means a cybercriminal can use all dotted variations of a Gmail address to set up multiple accounts under different names with a company – despite the fact that all of the email addresses are linked to the same person.
How Are BEC Threat Actors Using Gmail Dot Accounts?
The Agari Cyber Intelligence Division (ACID) reported that business email compromise (BEC) threat actors have used Gmail dot accounts to perform the following fraudulent activities since early 2018:
- Submission of 48 credit card applications at four U.S. financial institutions; these applications resulted in the approval of at least $65,000 in fraudulent credit.
- Registration of 14 trial accounts with a commercial sales leads service to collect targeting data for BEC attacks.
- Filing of 13 fraudulent tax returns with an online tax filing service.
- Submission of 12 change of address requests with the U.S. Postal Service (USPS).
- Submission of 11 fraudulent Social Security benefit applications.
- Submission of U.S. unemployment benefits applications under nine identities.
- Submission of applications for Federal Emergency Management Agency (FEMA) disaster assistance under three identities.
Cybercriminals are increasingly using Gmail dot accounts to launch and scale fraudulent activities, Agari indicated. However, searching for instances of excessive dots in newly created Gmail accounts can help companies quickly stop Gmail dot account attacks.
Furthermore, MSSPs can educate their customers about Gmail dot attacks and other cyber threats. They also can provide email security services and conduct regular audits to help their customers address such issues.
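One way a business could run the check for excessive dots described above, as an added example that is not from Agari or the original article: it reduces each Gmail signup to a dot-free canonical address, groups accounts that share it, and flags heavily dotted addresses. The function names, the sample signups and the threshold of three dots are assumptions made for illustration.

```python
from collections import defaultdict

# googlemail.com is Google's alias domain for gmail.com mailboxes.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}
DOT_THRESHOLD = 3  # assumed cutoff for "excessive" dots; tune on your own data


def canonical_gmail(address):
    """Return the dot-free canonical Gmail address, or None if not Gmail."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or domain not in GMAIL_DOMAINS:
        return None
    return local.replace(".", "") + "@gmail.com"


def find_dot_clusters(signups, dot_threshold=DOT_THRESHOLD):
    """signups: iterable of (account_id, email) pairs.

    Returns (clusters, excessive). clusters maps a canonical address to the
    account ids registered under any dotted variant of it, when there is more
    than one. excessive lists account ids whose local part has at least
    dot_threshold dots.
    """
    by_canonical = defaultdict(list)
    excessive = []
    for account_id, email in signups:
        canon = canonical_gmail(email)
        if canon is None:
            continue  # other providers may treat dots as significant
        by_canonical[canon].append(account_id)
        if email.strip().rpartition("@")[0].count(".") >= dot_threshold:
            excessive.append(account_id)
    clusters = {c: ids for c, ids in by_canonical.items() if len(ids) > 1}
    return clusters, excessive


# Constructed sample signups (not real accounts).
SAMPLE_SIGNUPS = [
    ("acct-1001", "john.smith@gmail.com"),
    ("acct-1002", "j.o.h.n.s.m.i.t.h@gmail.com"),
    ("acct-1003", "Jo.hnsmith@googlemail.com"),
    ("acct-1004", "john.smith@example.com"),
    ("acct-1005", "alice.jones@gmail.com"),
]

if __name__ == "__main__":
    clusters, excessive = find_dot_clusters(SAMPLE_SIGNUPS)
    for canon, ids in clusters.items():
        print(f"{canon}: {len(ids)} accounts share one mailbox -> {ids}")
    print("excessive dots:", excessive)
```

Grouping by canonical address catches variants with only one or two dots, which a raw dot count alone would miss.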