For nearly as long as DNS as has been around, aggressive advertisers and malicious doers have used a technique called typosquatting to take advantage of the fact that most of us aren't perfect typists: They buy up domains and set up realistic-looking yet malicious websites such as www.livve.com, www.live.cm, and www.liv.ecom to exploit users who incorrectly type live.com.
I've considered typosquatting more of a nuisance than anything. The risk it poses isn't nearly as high as that of other pressing threats, such as unpatched vulnerabilities and fake antivirus scams. However, a new typosquatting vector has emerged that warrants warning: Researchers at security think tank Godai Group found that through typosquatting tactics, they were able to dupe people into sending them legitimate, private emails intended for Fortune 500 email servers.
[ Download Roger Grimes's new "Data Loss Prevention Deep Dive" PDF expert guide today! | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. | Get a dose of daily computer security news by following Roger Grimes on Twitter. ]
The researchers set up their own email servers using various typosquatting, also known as doppelganger domains. Unwitting users then sent legitimate email to these domains, most likely unaware of their mistake. According to the final report, "During a six‐month span, over 120,000 individual emails (or 20GB of data) were collected, which included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc."
If -- or rather, when -- an employee, partner, or customer types your email domain name incorrectly when sending a message, it is possible for the owner of a doppelganger domain to intercept it. The sender won't even receive a rejection message. A savvy squatter could send a plausible, convincing-looking response to further allay the sender's suspicions. I'm not sure that even I would be suspicious, and I've been in the IT security business for 20 years.
