Sort-of related:
I don't have a Google/Gmail account myself, but this made me sit up:
http://www.theregister.co.uk/2...lix_phishing_vector/
The way in which Gmail's rather bizarre handling of the use of "."s within Gmail addresses (which Google - as the article points out - considers a useful feature ) could be used by phishing scams to attack Netflix (and presumably other accounts) is subtle.
Most systems would consider the addresses eugeneslair@gmail.com and eugenes.lair@gmail.com to be different accounts. However Gmail doesn't - it sees them as two variants of the same account.
So say I've got a Netflix account using the address eugeneslair@gmail.com. If a scammer was aware of this, he could create another Netflix account using the address eugenes.lair@gmail.com. Genuine Netflix account update emails for his account would then be sent to my Gmail address, and if I'm not paying attention, then *ahem* I'm paying...