The dots do matter: how to scam a Gmail user

Recently James Fisher received an email from Netflix asking him to update his credit card information.

“Odd,” I thought, “but OK, I’ll check.” The email is genuinely from netflix.com, so I clicked the link. It logged me in and took me to an “Update your credit or debit card” page, which is genuinely hosted on netflix.com. No phishing here. But hang on, the “Update” page showed my declined card as **** 2745. A card number I don’t recognize. Checking my records, I’ve never seen this card number. What’s going on?

I finally realized that this email is to james.hfisher@gmail.com. I normally use jameshfisher@gmail.com, with no dots. You might think this email should have bounced, but instead it reached my inbox, because “dots don’t matter in Gmail addresses”

Whenever you’re implementing email addresses in your code, also beware for plussing when handling them. Additionally James also offers a nice idea, in which Gmail could prevent lots of these scams.

The dots do matter: how to scam a Gmail user →

Elsewhere , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.