Gmail’s vulnerability is used to get free Netflix


An interesting trick to at least temporarily watch for free was recently shared by developer James Fisher: one is looking for an address of with dots. Let’s take as an example. Then register with Netflix with the same address, but without the dot (s) in it. Netflix does, in contrast to gmail, make a difference between addresses with or without a point, so you can create a (temporary) account without a credit card.

If you have done that and your free month is up, then an email will be sent to, which Google will forward to the owner of This will then receive a legitimate mail from Netflix that the account will expire and that the credit card details are not in order. If you are not paying attention then you have just given someone else a free month of Netflix. That is certainly not honest sharing but clever. Very clever.


This is a sort of inverted phishing because instead of the sender of a mail being fictitious, the weak spot in Google’s system causes a real mail to arrive at the wrong place. Not recognizing a point in addresses is quite useful for people who are easily mistaken and makes sure that many more people receive an e-mail that is intended for them, but as in Belgium is suggested . ] might it be wise for Google to post something of a warning to e-mails that arrived in Gmail but were actually sent to a (semi) wrong address. Is a little effort for Google, and can prevent these jokes from being executed in more ways.

Or yes, avoid: there are enough people who are only half watchful and you can not help with this, but even for the alert internet user it would be nice to get something of a red flag to prevent this. Until then, there is only one thing: nothing and nobody trust. If you receive an e-mail that something is wrong with Netflix or whatever: close the e-mail, go to Netflix or whatever and log in to see if the problem actually exists. Then you can still solve it and you are not at risk.