
Sort-of related:

I don't have a Google/Gmail account myself, but this made me sit up:

http://www.theregister.co.uk/2...lix_phishing_vector/

The way in which Gmail's rather bizarre handling of the use of "."s within Gmail addresses (which Google - as the article points out - considers a useful feature) could be used by phishing scams to attack Netflix (and presumably other accounts) is subtle.

Most systems would consider the addresses eugeneslair@gmail.com and eugenes.lair@gmail.com to be different accounts. However, Gmail doesn't - it sees them as two variants of the same account.

So say I've got a Netflix account using the address eugeneslair@gmail.com. If a scammer was aware of this, he could create another Netflix account using the address eugenes.lair@gmail.com. Genuine Netflix account update emails for his account would then be sent to my Gmail address, and if I'm not paying attention, then *ahem* I'm paying... 

Eugene's Lair
Last edited by Eugene's Lair
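
Added example, not part of the original post: a Python sketch of the mismatch described above, showing how a service could index sign-ups by the mailbox that actually receives the mail, and how a recipient could flag mail addressed to a dotted variant they never registered. All function and class names are hypothetical, and only the gmail.com dot rule from the post is modelled.

```python
# Added example: compare addresses by receiving mailbox, not by spelling.
# Assumption: only gmail.com ignores dots, as the post describes; other
# domains keep their dots. Lowercasing everything is a simplification.

DOT_INSENSITIVE_DOMAINS = {"gmail.com"}


def split_address(address):
    """Return (local, domain), lowercased; raise ValueError on malformed input."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return local.lower(), domain.lower()


def mailbox_key(address):
    """Canonical key for the mailbox that actually receives the mail."""
    local, domain = split_address(address)
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")
    return f"{local}@{domain}"


class SignupRegistry:
    """Service side: keep the spelling the user typed, index by mailbox."""

    def __init__(self):
        self._by_mailbox = {}

    def register(self, address):
        """Return None on success, or the existing spelling sharing the mailbox."""
        key = mailbox_key(address)
        existing = self._by_mailbox.get(key)
        if existing is not None:
            return existing
        self._by_mailbox[key] = address
        return None


def is_foreign_variant(recipient, my_spelling):
    """Recipient side: same mailbox as mine, but a spelling I did not sign up with."""
    same_mailbox = mailbox_key(recipient) == mailbox_key(my_spelling)
    same_spelling = split_address(recipient) == split_address(my_spelling)
    return same_mailbox and not same_spelling
```

A service using `SignupRegistry.register` would reject or challenge the second sign-up instead of creating a separate account, and a mail filter using `is_foreign_variant` on the `To:` address would mark account notices that belong to someone else's registration.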
