Google. What the hell have you done?

You might have heard about Google's campaign "The dots don't count". It is probably one of the biggest security risks I have heard of in a while. The concept of Gmail's handling of dots in addresses is the following: if somebody by mistake adds my Gmail address tobiasgillberg@gmail.com as tobias.gillberg@gmail.com or t.o.b.i.a.s.g.i.llberg@gmail.com, it makes no difference. No matter how many odd dots you add, the email will be delivered to tobiasgillberg@gmail.com.

When I first heard about this I thought it was a smart idea. The problem is that somebody can very easily get a legitimate service to send mail straight into your inbox. Let's say I get a notification in my Gmail that a payment didn't go through at, for example, Ahrefs.com. Someone registers an account there as t.obiasgillberg@gmail.com; if they don't pay, the invoice reminder goes to that address. Ahrefs does count the dot, so it treats that as a separate customer and sends the payment email to t.obiasgillberg@gmail.com. Gmail delivers it to tobiasgillberg@gmail.com, and the risk is pretty big that I go there and at least take a look at updating my credit card, on an account that isn't mine. Note that nothing is spoofed here: the mail really comes from the service, so it passes the usual sender checks and looks exactly like any other notification from them.
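As an added example, not code from the original post or from Google, here is a Python check a service could run at sign-up (or over its user table) to spot addresses that only differ from an existing customer's by dots. It canonicalises Gmail addresses the way Gmail itself routes them: dots in the local part are ignored, a `+suffix` is dropped, the domain googlemail.com is treated as gmail.com, and the whole address is case-insensitive. The account list and the `find_variant_signups` helper are constructed for this example.

```python
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_gmail(address: str) -> str:
    """Return the mailbox an address actually delivers to.

    For Gmail: strip dots from the local part, drop any '+suffix',
    fold googlemail.com into gmail.com, and lower-case everything.
    Other providers generally do count dots, so for them only the
    case is normalised.
    """
    address = address.strip()
    if address.count("@") != 1:
        raise ValueError(f"not a single mailbox address: {address!r}")
    local, domain = address.rsplit("@", 1)
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


def same_inbox(a: str, b: str) -> bool:
    """True if mail sent to either address lands in the same inbox."""
    return canonical_gmail(a) == canonical_gmail(b)


def find_variant_signups(existing_accounts: list[str], new_address: str) -> list[str]:
    """Existing accounts whose address delivers to the same inbox as new_address.

    A service that counts dots would otherwise happily create a second
    customer record whose billing mail ends up with the first customer.
    """
    target = canonical_gmail(new_address)
    return [acct for acct in existing_accounts if canonical_gmail(acct) == target]


# Constructed sample user table for the example.
ACCOUNTS = [
    "tobiasgillberg@gmail.com",
    "someone.else@gmail.com",
    "tobias.gillberg@outlook.com",
]

if __name__ == "__main__":
    attempt = "t.obiasgillberg@gmail.com"
    print(attempt, "->", canonical_gmail(attempt))
    print("collides with:", find_variant_signups(ACCOUNTS, attempt))
    # The same trick does not apply to providers that count dots.
    print(same_inbox("tobias.gillberg@outlook.com", "tobiasgillberg@outlook.com"))
```

A service could refuse the sign-up outright, or at least warn the existing account holder that someone tried to register a dotted variant of their address.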

I have read and seen quite a few examples of people paying for somebody else's Netflix, Amazon or other subscription this way. It is very risky if you don't triple-check all correspondence. So just a heads up: when a notice lands in your gmail.com inbox, look at the exact address it was sent to, then check again before you use your credit card, until Google has solved this issue.

#engineerUI
