Cyber-criminal groups use a Gmail feature to file fraudulent unemployment benefits, file fake tax returns and bypass online services trial periods. It refers to Gmail’s “dot accounts, “a feature of Gmail addresses that, regardless of their placement, ignore dot characters in Gmail usernames. For example, Google considers that the same Gmail address is John.doe@gmail.com, John.doe@gmail.com and Johndoe@gmail.com. For years, regular users use this feature to register free trial accounts in online services using the same email address, but in different ways. A scammer group recently learned to use dotted Gmail accounts to trick Netflix account owners into adding card details to the accounts of scammers-registered with the dotted Gmail address of the user. Netflix email would arrive in the real user’s inbox, who would later update the scammer’s account without knowing. The reason this trick works is that “pointed “Gmail address alternatives are a pure Gmail feature that many online email providers do not find. The team at the email security firm Agari says in a report published today that criminal groups have been using dotted Gmail addresses in many more places all last year. In an example included in their report, Agari said that one group used 56 “pointed “variations of a Gmail address in particular: In essence, this allows cybercriminals to centralize their fraudulent activity in a single Gmail account instead of monitoring a bunch of different accounts, increasing the efficiency of their operations, “said Hassold. But in addition to the dot character, Gmail also has two other features that may be abused in the future by scammers. The first sign is the plus. For instance, a Gmail address such as username + randomword@gmail.com will always return emails to username@gmail.com. The second is the domain legacy @googlemail.com. All emails sent to username@googlemail.com will always be sent to username@gmail.com. None of these two other techniques have yet been found in the wild. They are just as efficient as “pointed “Gmail addresses, however, and could provide even more alternative email addresses for abuse, fraud or access to unjustified benefits for scammers.