I was reading this article, it got me thinking about how easy it is to catch a user off guard and get access to their accounts. A dot in an email address is a subtle difference but in that case is the difference between a legitimate request and a phishing one. For some reason, Gmail will let you own all the dotted variations of your email address. So, if you are email@example.com, you can still receive emails on joe.bloggs and jo.ebloggs. There aren’t even any alerts to tell you that an email has been sent to a variant of your primary Gmail address.
Office 365, on the other hand, alerts their users when they spot any signs of a phishing email and prepends the email with something like this: Read more