Thanks to Chris Cardinal for taking the time to write this up! I think it's important to be aware of current fraud like this since a lot of HN readers are probably also amazon customers (as I am myself).
Also interesting to know about gmail "dot blindness" - kind of like "plus addressing" you could use it to track who adds you to spam lists, by giving out different versions of your gmail address to different vendors (not that most people have time for that - I've never done this).
Plus addressing looks like this: myusername+whatever@gmail.com sends to myusername@gmail.com, but some site's email regex check do not allow this, so dot addressing could be used instead.
Also interesting to know about gmail "dot blindness" - kind of like "plus addressing" you could use it to track who adds you to spam lists, by giving out different versions of your gmail address to different vendors (not that most people have time for that - I've never done this).
Plus addressing looks like this: myusername+whatever@gmail.com sends to myusername@gmail.com, but some site's email regex check do not allow this, so dot addressing could be used instead.