Here at FairWinds, we are all too familiar with the threats that typosquatting poses to brands in terms of diverting or stealing customers; exposing those customers to scams or malware; diluting brand image; and other potentially harmful activities. But a recent article in Wired describes a new level of typosquatting malfeasance. Researchers built a program that used typographic variations of major companies’ domain names to set up email servers, and collected over 20 gigabytes of misaddressed email over a period of six months.
The intercepted emails were all addressed to what the researchers labeled “doppelganger domains,” so named because they closely resemble the target domains, with only slight typographic variations. The emails revealed information like employee usernames and passwords; legal documents; trade secrets; and even highly sensitive network information that could easily be exploited by hackers.
The research revealed that as many as 151 of the Fortune 500 could be vulnerable to this type of email-grabbing scheme. Many “doppelganger domains” of the largest U.S. companies have been registered by parties in China, perhaps for corporate spying purposes. In addition to stealing information, cyber criminals could use these typo domains to stage man-in-the-middle attacks on two companies that are corresponding with each other.
As is the case with other manifestations of typosquatting, the researchers concluded that companies can avoid this type of scheme by proactively registering and reclaiming typo, or “doppelganger,” domains.