A study shows that a new type of scam is used by cybercriminals against companies

Sep 12, 2011 14:59 GMT

A recent study shows that mistyped email addresses can put a great deal of sensitive information into the wrong hands.

Domain typo-squatting is widely used by spammers and hackers to deliver malicious messages to people who mistype a letter in an address. The new type of scam, based on so-called Doppelganger Domains, consists of buying a name that matches a legitimate hostname except for the dot between the subdomain and the domain. Godai Group researchers Peter Kim and Garrett Gee, the authors of the paper, set up a small experiment to prove their point.

They purchased 30 hostnames closely resembling ones owned by major companies and corporations, then sat back and observed the results.

In no time they realized this was no joke, and by the time the experiment ended 6 months later they had collected 120,000 emails, representing 20 gigabytes of data, on the dummy accounts.

The statistics are telling: 425 of those messages contained the word “secret”, and 405 contained a password for some service.

The researchers stated that these Doppelganger Domains can be used by hackers for man-in-the-middle attacks.

For instance, by purchasing the hostname “usbank.com”, a hacker could easily receive a lot of emails meant for “us.bank.com” and then automatically forward all of them to the correct address.

If the attacker also wanted to receive what comes back from “us.bank.com”, he would purchase a domain name very similar to the original sender's and make sure that everything “us.bank.com” receives carries that fake domain as the return address.

The study shows that the most susceptible companies are in fact specialty retailers, followed closely by commercial banks, consumer food products companies and telecommunications firms.

If you own such a business and want to protect it against these types of attacks, you should do the following:

- buy the Doppelganger Domain yourself and set it up so that any message it receives triggers an automatic failure notification;
- raise awareness of the issue among employees, partners and customers;
- if attackers are already using such means against your company, you can always file a complaint against them under the Uniform Domain-Name Dispute-Resolution Policy (UDRP);
- configure internal DNS records so they don't resolve addresses that might be part of a scam. This way at least you can make sure your employees don't send private information by mistake.
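The following Python script is an added example, not code from the article or from the Godai Group study. It puts the description above into practice from the defender's side: it derives the doppelganger of each legitimate hostname (the dot between subdomain and domain removed, as in “us.bank.com” becoming “usbank.com”), screens a batch of outbound recipient addresses against those variants so a mistyped address can be held at the mail gateway, and generates internal DNS records that refuse to resolve the doppelgangers. The hostnames and addresses are constructed samples, and the DNS output assumes a resolver that understands response policy zones (RPZ), where a `CNAME .` record returns NXDOMAIN; the article itself names no particular DNS product.

```python
"""Added example (not from the Godai Group study or the article): a small
defensive helper for the doppelganger-domain problem described above.

All hostnames and addresses below are constructed examples; the DNS output
assumes an RPZ-capable resolver (an assumption, the article names none).
"""
from typing import Dict, Iterable, List, Set, Tuple


def doppelganger_variants(hostname: str) -> Set[str]:
    """Return every variant of hostname formed by dropping one internal dot.

    The last dot is never removed: "us.bank.com" -> "us.bankcom" is not a
    registrable name, so only dots separating a subdomain from the domain
    are considered ("usbank.com" is the one doppelganger of "us.bank.com").
    """
    labels = hostname.lower().strip(".").split(".")
    variants: Set[str] = set()
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.add(".".join(merged))
    return variants


def build_watchlist(legit_hosts: Iterable[str]) -> Dict[str, str]:
    """Map each doppelganger to the legitimate hostname it imitates."""
    watch: Dict[str, str] = {}
    for legit in legit_hosts:
        legit = legit.lower().strip(".")
        for variant in doppelganger_variants(legit):
            watch[variant] = legit
    return watch


def screen_recipients(legit_hosts: Iterable[str],
                      recipients: Iterable[str]) -> List[Tuple[str, str]]:
    """Flag recipient addresses whose domain is (or sits under) a doppelganger.

    Returns (address, legitimate_hostname) pairs; a mail gateway could hold
    or bounce these before the message leaves the organisation.
    """
    watch = build_watchlist(legit_hosts)
    flagged: List[Tuple[str, str]] = []
    for addr in recipients:
        if "@" not in addr:
            continue  # not a routable address, nothing to compare
        host = addr.rsplit("@", 1)[1].lower().strip(".")
        for bad, legit in watch.items():
            if host == bad or host.endswith("." + bad):
                flagged.append((addr, legit))
                break
    return flagged


def rpz_records(legit_hosts: Iterable[str]) -> List[str]:
    """Emit RPZ records that answer NXDOMAIN for every doppelganger and for
    anything beneath it, so internal clients cannot resolve the name even
    when a user types it by mistake.
    """
    lines: List[str] = []
    for bad in sorted(build_watchlist(legit_hosts)):
        lines.append(f"{bad} CNAME .")    # NXDOMAIN for the name itself
        lines.append(f"*.{bad} CNAME .")  # ... and for every subdomain of it
    return lines


if __name__ == "__main__":
    # Constructed sample data: two legitimate hostnames and an outbound batch.
    legit = ["us.bank.com", "mail.eu.example.com"]
    outbound = ["alice@usbank.com", "bob@us.bank.com",
                "carol@Mail.EUexample.com", "dave@hr.usbank.com"]
    for addr, intended in screen_recipients(legit, outbound):
        print(f"HOLD {addr}: looks like a doppelganger of {intended}")
    print("\n".join(rpz_records(legit)))
```

Running the script holds the three misaddressed messages (alice, carol and dave) while letting bob's correctly addressed mail through, and prints the two RPZ lines per doppelganger that an internal resolver would load. Matching is done on the recipient domain only, so the check is cheap enough to run on every outbound message at the gateway.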