So, how did this happen? The Gmail dot feature ensures that emails intended for a particular recipient reaches them if the sender accidentally adds (or forgets) a dot or period in the username.
The Gmail dot feature fraud, that was discovered by security firm Agari and was first reported by Axios, was primarily employed to commit BEC (Business Email Compromise) scams. As per a report, the bad actors have been exploiting the feature to commit a diverse array of scams since early 2018. But cybercriminals are exploiting the same feature to commit crimes such as filing fake tax returns, availing financial benefits from government agencies, extending the trial period of online services, and credit fraud among others. Gmail offers a nifty “dot” feature which redirects all emails to the same account in case users have mistakenly added a dot or a period in the recipient's email address.
