

Google’s email platform has more than a billion active monthly users as of the last count in February 2016, which is why the recent discovery of a Gmail vulnerability should be cause for concern for the entire Internet. The exploit uses a feature called “dots don’t matter,” which ironically was developed by Google as a security measure. In the simplest terms, anyone with a Gmail account also has access to every possible variation using dots e.g.

The problem, and it’s a big one, is that this behavior is specific to Gmail, and not to the rest of the Internet. While services like Gmail and Facebook may filter out dots, other services do not, meaning that and would be treated as two separate people/accounts on many services and sites that require a login/password combination. This goes for major email service providers like iCloud, Yahoo Mail, and Outlook, as well as services such as Netflix, which is where “dots don’t matter” goes from being a feature to a security issue.

Columnist Jim Fisher recently described how he almost fell for a scam that targeted his Netflix account. He got an email notifying him that his credit card had expired. After confirming the email definitely came from Netflix, he noticed something odd. The last 4 digits of the card on file were wrong. He uncovered the following scam, as detailed below:

1. “Hammer the Netflix signup form until you find an address which is “already registered”.
2. Let’s say you find the victim jameshfisher.
3. Create a Netflix account with address james.hfisher.
4. Sign up for free trial with a throwaway card number.
5. After Netflix applies the “active card check”, cancel the card.
6. Wait for Netflix to bill the cancelled card.
7. Then Netflix emails james.hfisher asking for a valid card.
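
A service that wants to close this gap can key accounts on the mailbox that actually receives the mail rather than on the raw address string. The following is an added example, not code from the original article or from Netflix; `canonical_mailbox` and `AccountRegistry` are hypothetical names, the sample addresses are constructed, and the handling of `googlemail.com` and `+tag` suffixes goes beyond the dot case described above.

```python
# Added example: mailbox-aware uniqueness check for a signup form.
# Assumption: only Gmail rules are modelled; every other domain keeps its
# dots, because providers such as Outlook treat them as significant.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}  # both reach the same Gmail inbox


def canonical_mailbox(address: str) -> str:
    """Return a key identifying the inbox that receives mail for `address`."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Assumption: local parts are compared case-insensitively everywhere.
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0]   # Gmail ignores a "+tag" suffix
        local = local.replace(".", "")   # "dots don't matter"
        domain = "gmail.com"
        if not local:
            raise ValueError(f"empty Gmail local part: {address!r}")
    return f"{local}@{domain}"


class AccountRegistry:
    """Hypothetical account store keyed by canonical mailbox, not raw string."""

    def __init__(self):
        self._by_mailbox = {}

    def register(self, address: str) -> bool:
        """Create an account unless the same inbox already owns one."""
        key = canonical_mailbox(address)
        if key in self._by_mailbox:
            return False
        self._by_mailbox[key] = address
        return True

    def owner_of(self, address: str):
        """Return the address first registered for this inbox, or None."""
        return self._by_mailbox.get(canonical_mailbox(address))


if __name__ == "__main__":
    reg = AccountRegistry()
    # Constructed sample addresses.
    for addr in ("aliceexample@gmail.com", "alice.example@gmail.com",
                 "alice.example@outlook.com"):
        print(addr, "->", "created" if reg.register(addr) else "already registered")
```

With this check in place, the dotted variant of an existing Gmail address is rejected at signup instead of becoming a second account whose billing emails land in the first user's inbox.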
