You might have heard about Google’s campaign “The dots don’t count”. It is probably one of the biggest security risks I have heard of in a while. The concept behind Google’s new smart algorithm for dealing with mail is the following: if somebody by mistake adds my Gmail address firstname.lastname@example.org as email@example.com firstname.lastname@example.org, then no matter how many odd dots you add, you will receive the email at email@example.com.
When I first heard about this I thought it was a smart idea. The problem is that somebody can very easily send you a phishing mail from any service. Let’s say I get a notification to my Gmail that a payment didn’t go through for, say, Ahrefs.com. Someone can register an account with firstname.lastname@example.org, and if they don’t pay, the invoice goes to me. Ahrefs does count the dot, so they will send an email out to email@example.com for a payment. I get the email at firstname.lastname@example.org, and the risk is pretty big that I go there and at least take a look to update my credit card.
I have read and seen quite a few examples of people paying for others’ Netflix, Amazon or whatever. Very risky if you don’t triple-check all correspondence. So just a heads-up: keep your eyes open on your gmail.com, then check again before you use your credit card, until Google has solved this issue.
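A service that counts the dot, as in the scenario above, can flag the collision at sign-up by comparing the mailbox Gmail actually delivers to. The Python sketch below is an added example, not code from this post or from any service named in it. The function names, account IDs and sample addresses are constructed, and it also folds the googlemail.com alias, which goes beyond the dots discussed here.

```python
"""Added example: find sign-ups that collapse to one Gmail mailbox."""
from collections import defaultdict

# Consumer Gmail domains where dots in the local part are ignored.
# Assumption: custom Google Workspace domains are out of scope here.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_mailbox(address: str) -> str:
    """Return a comparison key for the mailbox an address is delivered to."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        # Gmail ignores case and dots in the local part.
        local = local.lower().replace(".", "")
        domain = "gmail.com"
    # Other providers may treat dots as significant, so leave them alone.
    return f"{local}@{domain}"


def find_collisions(signups):
    """Group (account_id, email) pairs that share one canonical mailbox."""
    groups = defaultdict(list)
    for account_id, email in signups:
        groups[canonical_mailbox(email)].append((account_id, email))
    return {box: accts for box, accts in groups.items() if len(accts) > 1}


# Constructed sample data (hypothetical accounts, not from the post).
SAMPLE_SIGNUPS = [
    (101, "jane.doe@gmail.com"),
    (102, "janedoe@gmail.com"),
    (103, "j.a.n.e.d.o.e@googlemail.com"),
    (104, "jane.doe@example.org"),
    (105, "janedoe@example.org"),
]

if __name__ == "__main__":
    for mailbox, accounts in find_collisions(SAMPLE_SIGNUPS).items():
        print(mailbox, "<-", accounts)
```

Use the canonical form only as a lookup key for duplicate detection and keep sending mail to the address exactly as the user typed it.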