
on Monday, 12 September 2011

Doppelganger domains as an attack vector?

An article published by the BBC draws attention to a potential attack vector that enabled a team of researchers to collect 120,000 mis-directed emails within six months, including usernames, passwords and details about corporate networks. Is this another attack vector that companies should seriously consider as part of their data security, or simply a PEBKAC error?!

It has long been suggested that when purchasing the domain name for your business you also purchase the other variations of it (.com, .net, .org and so on). This stops others registering them and having your mis-typing customers land on their sites, and it also ensures that email addresses users might mis-type cannot be set up maliciously in the hope of catching typos.

What is a doppelganger domain?

The latest development that was reported today by BBC News is a similar tack - the registration of domain names that are similar to sub-domains that might be in use for a corporate network and mis-typed (for example, missing the dot in and registering, setting up to intercept these mistyped emails).

This is quite a clever, if a little time consuming, tactic. Remember that once you accidentally send an email to the wrong address, your mail client will often remember that address, which makes it more likely you will use it again by accident.

Who should be concerned?

My thoughts on this are that larger corporates which use such sub-domains, with email addresses attached that may carry sensitive information, have a duty to consider whether they need to register the doppelganger domains themselves as a proactive measure to prevent this happening. Of course, the value of staff education can't be overstated: ensuring staff either pick addresses from the global directory or simply don't make typos would prevent this altogether!
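The two practical steps above, working out which doppelganger domains an organisation should register or monitor, and catching a mis-typed recipient before the message leaves, can be scripted. The following is an added example written for this post, not code from the article or the research it reports; the subdomains and recipient addresses in it are constructed for illustration, and the only transformation it models is the "missing dot" case the post describes.

```python
"""
Defensive helper for doppelganger domains (added example, not from the post).

Given the subdomains an organisation actually sends mail from, derive the
"dot-collapsed" doppelganger domains that could be registered by someone
else, so the organisation can register or monitor them itself.  Then check
a list of outbound recipient addresses against that set so a typo is caught
before the message is sent.  ORG_SUBDOMAINS and SAMPLE_RECIPIENTS below are
constructed values, not real data.
"""
from __future__ import annotations

# Constructed example: subdomains the fictional organisation sends mail from.
ORG_SUBDOMAINS = [
    "mail.example.com",
    "us.example.com",
    "hr.emea.example.com",
]


def doppelganger_candidates(fqdn: str) -> set[str]:
    """Return every domain formed by dropping exactly one interior dot.

    'hr.emea.example.com' -> {'hremea.example.com', 'hr.emeaexample.com'}.
    The final label pair (example.com) is never merged, because
    'examplecom' is not a registrable name under any public suffix.
    """
    labels = fqdn.lower().strip(".").split(".")
    if len(labels) < 3:
        return set()
    out: set[str] = set()
    # Dot i sits between labels[i] and labels[i + 1]; skip the last dot.
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        out.add(".".join(merged))
    return out


def registration_watchlist(subdomains) -> list[str]:
    """Sorted list of domains the organisation should register or monitor."""
    watch: set[str] = set()
    for s in subdomains:
        watch |= doppelganger_candidates(s)
    return sorted(watch)


def flag_recipients(recipients, watchlist) -> list[str]:
    """Return recipient addresses whose domain is on the watchlist.

    A host under a watched domain is matched as well, so that
    'x.mailexample.com' is flagged along with 'mailexample.com'.
    """
    watched = set(watchlist)
    flagged = []
    for addr in recipients:
        if "@" not in addr:
            continue  # not a mailbox address; nothing to check
        domain = addr.rsplit("@", 1)[1].lower().strip(".")
        parts = domain.split(".")
        suffixes = {".".join(parts[i:]) for i in range(len(parts))}
        if suffixes & watched:
            flagged.append(addr)
    return flagged


# Constructed sample of outbound recipient addresses (not a real mail log).
SAMPLE_RECIPIENTS = [
    "alice@mail.example.com",      # correct address
    "bob@mailexample.com",         # missing dot: doppelganger of mail.example.com
    "carol@partner.org",           # unrelated external domain
    "dave@hr.emeaexample.com",     # missing dot inside a deeper sub-domain
]

if __name__ == "__main__":
    wl = registration_watchlist(ORG_SUBDOMAINS)
    print("Register or monitor:", wl)
    print("Flagged recipients:", flag_recipients(SAMPLE_RECIPIENTS, wl))
```

The watchlist is the list to take to your registrar (or to a brand-monitoring feed if you prefer to watch rather than buy); the recipient check is the sort of rule a mail gateway or DLP policy could apply to outbound traffic, with the flagged addresses held for review rather than silently dropped.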

This would not be a problem for smaller organisations unless they make use of sub-domains with associated email addresses, in which case SMEs should take notice as well.

From the information provided this has not yet been exploited 'in the wild'; however, I can foresee that people may consider using this just to see if they can get any information.

For the cost of a domain name registration, can you really afford to lose sensitive information to unsavoury eyes?
