
Doppelganger domains causing email man-in-the-middle woes

by Phil Muncaster

13 Sep 2011


Security experts are warning internet users to be extra cautious when typing in email addresses after revealing that 30 per cent of Fortune 500 companies are susceptible to 'doppelganger domain' email addresses set up by criminals to harvest mis-typed messages.

The practice is similar to typo-squatting, but involves registering a domain spelled identically to a legitimate fully qualified domain name, except that the dot between host and domain is missing.

Information security think tank Godai Group explained in a report that so-called doppelganger domains are becoming increasingly popular among cyber criminals as a way of intercepting important emails between, for example, a customer and their bank.

By purchasing 30 such doppelganger domains, the researchers managed to harvest 120,000 emails whose destination address had been mis-typed by accident. The messages contained 20GB of sensitive data, including trade secrets and business invoices.

Attackers could also use doppelganger domains to create a man-in-the-middle attack by forwarding any mis-typed emails between companies.

In this way the eventual recipient will be unaware that they are replying to a doppelganger domain and not the real one, the report warned.

Web consultant Mark Stockley said that a determined hacker could buy domains covering a vast range of organisations, and that companies must encrypt and password-protect sensitive data, and consider defensively registering key doppelganger domains to reduce the risks.

"Organisations can also prevent emails being sent to specific misspelled domains through their DNS or mail server configurations. Of course, this approach won't prevent people outside your organisation misspelling your domains," he wrote on the Sophos blog.

"Finally, if you believe somebody is using typo-squatting to attack your company you may wish to file a Uniform Domain Dispute Resolution Policy against them."
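The mail-server check Stockley describes can be sketched as follows. This is an added example, not code from the article or the Godai Group report: it derives the doppelganger of each of an organisation's own fully qualified names (the dot between host and domain dropped) and holds outbound mail addressed to one. The names are constructed, and the registrable domain is assumed to be the last two labels unless told otherwise.

```python
# Added example: names below are constructed (example.com is a reserved domain).
LEGIT_FQDNS = ["us.example.com", "mail.uk.example.com", "example.com"]


def build_blocklist(fqdns, registrable_labels=2):
    """Map each doppelganger domain to the real FQDN it imitates.

    Assumption: the registrable domain is the last `registrable_labels`
    labels (2 for example.com, 3 for example.co.uk).
    """
    table = {}
    for fqdn in fqdns:
        labels = fqdn.lower().rstrip(".").split(".")
        hosts, base = labels[:-registrable_labels], labels[-registrable_labels:]
        if not hosts:
            continue  # bare registrable domain: no host/domain dot to drop
        # Dropping the dot fuses the last host label onto the domain label,
        # producing a new name that anyone can register.
        lookalike = ".".join([hosts[-1] + base[0]] + base[1:])
        table[lookalike] = fqdn
    return table


def check_recipient(address, table):
    """Return the FQDN the sender probably meant, or None if no match."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    labels = domain.split(".")
    # Test the domain and each parent, so hosts under a doppelganger match too.
    for i in range(len(labels) - 1):
        intended = table.get(".".join(labels[i:]))
        if intended:
            return intended
    return None


def screen(recipients, table):
    """Return (address, intended FQDN) for every recipient to hold back."""
    hits = []
    for addr in recipients:
        intended = check_recipient(addr, table)
        if intended:
            hits.append((addr, intended))
    return hits


if __name__ == "__main__":
    outbound = ["alice@usexample.com", "bob@mail.ukexample.com", "carol@us.example.com"]
    for addr, intended in screen(outbound, build_blocklist(LEGIT_FQDNS)):
        print(f"HOLD {addr}: did you mean @{intended}?")
```

The same table doubles as the list of names to consider for defensive registration.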
