Have you registered your ‘Doppelganger’ domains?
Here’s an article describing the use of so-called ‘Doppleganger’ domains to intercept and steal information:
Researchers steal 20GB of corporate emails via doppelganger domains
Essentially, by taking advantage of typos, the researchers were able to intercept corporate emails, many containing sensitive information in them. This is similar to someone registering a domain misspelling to grab free web traffic, and show advertising. However, the email intercept puts a new twist on it.
Here’s the reason – you can intercept mis-typed emails “silently” – either discard them, or forward them on to the real intended recipient. Nobody can tell what you are doing with the information you glean. The sender / recipient may never realize the email was misdirected.
For example, you have a domain abc.com. Your Division in Germany is “de.abc.com” – so I email to my colleague overseas, using “joe@de.abc.com” – however, I misspell it as “joe@deabc.com”.
Now, if some nefarious person has registered “deabc.com” and set up a mailserver there to accept all incoming email, they have just intercepted that email. If that email contained any passwords, or company secrets, well, it could be very damaging to the company. Keep in mind that an external customer emailing a sales rep would be susceptible to the same mistake.
So, is your company at risk for this kind of attack? If so, you should consider registering these alternate domains, and checking into any doppelganger domains that were already registered.
Category: E-commerce Comment »