The authors even detailed how to perform a man-in-the-middle email attack in which neither the sender nor the intended recipient is aware of the plot. In a nutshell, the typosquatter sets up two bogus domains: one mimicking the sender's domain and one mimicking the receiver's. When the sender emails a message to the receiver, the squatter can intercept it (assuming it isn't protected using S/MIME or some other protection method), read it, then forward it on to the intended recipient's real domain from the bogus version of the sender's domain. The receiver might not notice the misspelled domain name in the sender address. Again, I'm not sure I would.
This form of typosquatting attack hasn't been widely adopted yet, but the researchers have convincingly demonstrated it's a viable tactic. More than likely, it is already being used in the real world. In fact, I'd bet that corporate-espionage types have been using email typosquatting for a long time. Why wouldn't they? The researchers hit a gold mine of confidential information in a few months of testing. The authors also noted that several "doppelganger domains" are already registered to China, a hotbed of APT (advanced persistent threat) activity.
As is generally the case, organizations can take steps to defend themselves. First, one common tactic is for a company to register as many of the domains that are potential typosquatting targets as possible, before a squatter does. The best defense is a good offense.
Second, it can't hurt to include information about this threat in the email security section of your end-user education documentation.
Third (I got this idea from a client), consider using an outbound/inbound Internet proxy that automatically forbids or detains network traffic sent from sources that are unrecognized or unranked by proxy content-subscription ranking services. I was skeptical of this client's approach at first, but he reports a very high success rate with a very low record of false positives.
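One inbound-side check that complements these defenses: flag From: addresses whose domain is a dot-dropped "doppelganger" of one of your own subdomained names, or is one finger slip away from one of your domains. This is an added example, not code from the post or the researchers; the legitimate domains and the sample headers are constructed.

```python
import re

# Constructed: the organization's own mail domains (assumption, not from the post).
LEGIT_DOMAINS = {"example.com", "us.example.com", "partner-corp.net"}

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute or adjacent swap cost 1."""
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]

def doppelgangers(domain: str) -> set:
    """Dot-dropped lookalikes: 'us.example.com' -> {'usexample.com'}; the TLD dot is kept."""
    labels = domain.split(".")
    return {".".join(labels[:i]) + ".".join(labels[i:]) for i in range(1, len(labels) - 1)}

def classify_sender(sender_domain: str, legit=LEGIT_DOMAINS):
    """Return (verdict, matched_legit_domain) for one sender domain."""
    sender_domain = sender_domain.lower().rstrip(".")
    if sender_domain in legit:
        return "legit", sender_domain
    dropped = {v: d for d in sorted(legit) for v in doppelgangers(d)}
    if sender_domain in dropped:
        return "doppelganger", dropped[sender_domain]
    for d in sorted(legit):
        if edit_distance(sender_domain, d) == 1:
            return "typosquat", d
    return "unrelated", None

def scan_from_headers(headers):
    """Map each From: header to (domain, verdict, matched) for alerting or quarantine."""
    results = []
    for h in headers:
        m = re.search(r"@([A-Za-z0-9.-]+)", h)
        domain = m.group(1).lower() if m else ""
        verdict, matched = classify_sender(domain) if domain else ("unparseable", None)
        results.append((domain, verdict, matched))
    return results

# Constructed sample headers (not real traffic).
SAMPLE_HEADERS = ["From: Alice <alice@example.com>", "From: Bob <bob@usexample.com>",
                  "From: Carol <carol@exmaple.com>", "From: Dave <dave@partnercorp.net>",
                  "From: Eve <eve@unrelated.org>"]
```

Anything other than "legit" or "unrelated" is a candidate for quarantine or a user-facing banner; a distance of 1 catches single slips only, so widen the threshold with care to keep false positives low.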
Readers, what other ideas do you have to combat typosquatting?
This story, "Typosquatting hacks: Finger slips sink ships," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com.