If you have a gmail account, did you know that your email address can also have dots in it and you’ll still get it? For example, if your address email@example.com, it won’t matter if you send to firstname.lastname@example.org. You can even send it to email@example.com and still get it. Most mail systems do not allow this. Apparently this has been like this for some time.
We found out recently when we saw an article from ZDNet about how scammers are exploiting this by registering for different websites under your email but adding the dots. It may be sites like Netflix, Amazon.com, or eBay. They would see the dotted account email as a different one.
One group has used a variation to obtain credit cards. They have filed tax returns, registered for trial accounts, USPS change address requests, collecting Social Security benefits, apply for unemployment benefits, and apply for FEMA disaster relief.
The article brought out two other things that could be exploited. First, Google allows + signs – you can send email to firstname.lastname@example.org and email@example.com will get it. Second, before gmail.com it was googlemail.com and if you use firstname.lastname@example.org, email@example.com will still get it. Yes this has been tested and confirmed.