Get the latest market trends in your inbox

Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo: Chesnot/Getty Images

An email scam outfit is taking advantage of Gmail's "dot" feature to streamline operations, according to email security firm Agari.

Gmail dots? Gmail allows users to add or subtract periods in their email addresses at will. If you own the right to someusername@gmail.com, you will receive emails sent to some.user.name@gmail.com and s.o.m.e.u.s.e.r.n.a.m.e@gmail.com.

  • That may seem like a minor feature, but the vast majority of email providers treat each of those as different accounts. That allows you to sign up for multiple accounts on most websites in each of those email addresses.

Here's where the crime comes in. BEC (business email compromise) scams run many operations in parallel. If they target a government agency offering grants or tax refunds, usually that means they have to use a different address for each instance of the scam.

  • "Using the dots feature is the difference between creating 20 accounts on a website or monitoring one inbox," said Crane Hassold, senior director of threat intelligence at Agari.

The criminal group discovered by Agari, according to the official writeup, used the Google dots approach to:

  • Apply for 48 credit cards at 4 "U.S.-based financial institutions," netting at least $65,000 in fraudulent credit.
  • Register for 14 trial accounts with sales leads sites, to use those leads in other scams.
  • Fake 13 tax returns with a tax filing service.
  • Submit 12 postal change of address requests.
  • Apply 11 times for fraudulent Social Security benefits.
  • Fake 9 identities for unemployment benefits in a "large US state."
  • Submit 3 applications for FEMA disaster assistance.

All of these attacks took place in 2018 or 2019.

"We're not calling Google out with this report," said Hassold.

  • Rather, he said, he thinks searching for multiple accounts under differently dotted Gmail accounts can be a useful security tool.
  • Agari has recommended the technique to several of its clients, who they say report it has been useful in finding fraudulent accounts.

Go deeper

USAID chief tests positive for coronavirus

An Air Force cargo jet delivers USAID supplies to Russia earlier this year. Photo: Mikhail Metzel/TASS via Getty Images

The acting administrator of the United States Agency for International Development informed senior staff Wednesday he has tested positive for coronavirus, two sources familiar with the call tell Axios.

Why it matters: John Barsa, who staffers say rarely wears a mask in their office, is the latest in a series of senior administration officials to contract the virus. His positive diagnosis comes amid broader turmoil at the agency following the election.

Bryan Walsh, author of Future
5 hours ago - Health

COVID-19 shows a bright future for vaccines

Illustration: Annelise Capossela/Axios

Promising results from COVID-19 vaccine trials offer hope not just that the pandemic could be ended sooner than expected, but that medicine itself may have a powerful new weapon.

Why it matters: Vaccines are, in the words of one expert, "the single most life-saving innovation ever," but progress had slowed in recent years. New gene-based technology that sped the arrival of the COVID vaccine will boost the overall field, and could even extend to mass killers like cancer.

7 hours ago - Health

Beware a Thanksgiving mirage

Illustration: Sarah Grillo/Axios

Don't be surprised if COVID metrics plunge over the next few days, only to spike next week.

Why it matters: The COVID Tracking Project warns of a "double-weekend pattern" on Thanksgiving — where the usual weekend backlog of data is tacked on to a holiday.