Mistyped email addresses invite hackers in
Researchers reveal that cyber-criminals use misspelt emails to gather sensitive information
Mistyped email addresses can lead to messages ending up in the hands of cyber-criminals, according to research cited by the BBC.
Researchers created web domains that contained commonly mistyped names and, over a period of six months, received 20GB of data made up of 120,000 wrongly sent messages, some of which contained enterprise network details as well as individual account user names and passwords.
According to researchers Peter Kim and Garret Gee of the Godai Group, about 30% of the top 500 companies in the US are vulnerable to this security weakness.
The vulnerability arises because of the way that many organizations set up their email systems, using a single domain for their website, but sub-domains for individual business units, regional offices or foreign subsidiaries. Full stops are used to separate the words in that sub-domain.
In many cases, if the address is typed incorrectly, the message will simply be returned to sender, but by setting up domains using the misspelling, cyber-criminals would be able to receive these messages.
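A defender can check outbound mail for this kind of mistake. The sketch below is an added example, not code from the researchers or the article: it assumes the mistyping is an omitted full stop between the sub-domain and the company domain, and the domain names, the `to=<...>` log layout and the function names are all constructed for illustration.

```python
import re

def doppelganger_map(registered_domain, mail_subdomains):
    """Map each dot-omitted look-alike to the real sub-domain it imitates.

    Assumption: the typo is the missing full stop just before the
    registered domain, e.g. us.example.com -> usexample.com.
    """
    base = registered_domain.lower().strip(".")
    variants = {}
    for fqdn in mail_subdomains:
        fqdn = fqdn.lower().strip(".")
        if not fqdn.endswith("." + base):
            continue  # not one of our sub-domains, nothing to derive
        prefix = fqdn[: -len(base) - 1]   # "us" or "hr.emea"
        variants[prefix + base] = fqdn    # dot before the base removed
    return variants

# Recipient domain in a simplified, constructed log format: to=<user@domain>
RCPT = re.compile(r"\bto=<?[^@\s<>]+@([A-Za-z0-9.-]+)>?")

def flag_outbound(log_lines, variants):
    """Return (look-alike, intended sub-domain, line) for each risky recipient."""
    hits = []
    for line in log_lines:
        for match in RCPT.finditer(line):
            rcpt_domain = match.group(1).lower().rstrip(".")
            if rcpt_domain in variants:
                hits.append((rcpt_domain, variants[rcpt_domain], line))
    return hits

# Constructed sample data (example.com is a reserved documentation domain).
SUBDOMAINS = ["us.example.com", "hr.emea.example.com", "example.org"]
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z from=<alice@example.com> to=<bob@us.example.com> status=sent",
    "2024-05-01T09:14:41Z from=<alice@example.com> to=<bob@usexample.com> status=sent",
    "2024-05-01T09:20:10Z from=<carol@example.com> to=<dave@hr.emeaexample.com> status=sent",
    "2024-05-01T09:25:55Z from=<carol@example.com> to=<erin@partner.example.net> status=sent",
]

if __name__ == "__main__":
    table = doppelganger_map("example.com", SUBDOMAINS)
    for lookalike, intended, line in flag_outbound(SAMPLE_LOG, table):
        print(f"{lookalike} (meant {intended}): {line}")
```

A flagged message that was delivered rather than returned to sender means the look-alike domain is registered and accepting mail, which is the case the researchers describe.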
"Doppelganger domains have a potent impact via email as attackers could gather information such as trade secrets, user names and passwords, and other employee information," wrote the researchers in a paper detailing their work.
According to the researchers, only one of the companies being impersonated discovered the breach.
They said that a clever hacker could forward the messages they receive on to the intended recipient and therefore cover their tracks.
The research also revealed that many addresses resembling corporate sub-domains are owned by individuals in China or linked to sites associated with malware or phishing.