BEC Actors Exploiting Gmail “Dot Accounts” for Fun and Profit

Taking Advantage of Dot Accounts

Scaling Scam

  • Submit 48 credit card applications at four US-based financial institutions, resulting in the approval of at least $65,000 in fraudulent credit
  • Register for 14 trial accounts with a commercial sales leads service to collect targeting data for BEC attacks
  • File 13 fraudulent tax returns with an online tax filing service
  • Submit 12 change of address requests with the US Postal Service
  • Submit 11 fraudulent Social Security benefit applications
  • Apply for unemployment benefits under nine identities in a large US state
  • Submit applications for FEMA disaster assistance under three identities
Google Dot Accounts Used to Create Trial Accounts on a Commercial Sales Leads Service
Google Dot Accounts Used to File Fraudulent Tax Returns

--

--

--

Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Have You Been Duped by Touchless Access Control?

Simple Guide to SAML vs OIDC

{UPDATE} XO Mania - Noughts and Crosses Puzzle Game Hack Free Resources Generator

Everything About The $SGT (3,3) Launch

Zeke Testa of CYTRIO: Five Things Every Business Needs To Know About Storing and Protecting Their…

Business Email Compromise (BEC) Scams: COVID-19 Related Email Attacks Top Threat to Financial…

Repelling A Ransomware Attack: Ryan Toohil of Aura On The 5 Things You Need To Do To Protect…

Employee-Reported Phishing Attacks Climb 65%, Clobbering SOC Teams

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Agari

Agari

Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.

More from Medium

How to Change Password Policies on Windows Server

DNS resolution process

(How to) Secure your e-mail and prevent most cyberattacks

A step toward a more secure web collab tool for VTubers