Typosquatting is a common problem on the Web: scammers register domains that resemble popular Websites in order to scam users who accidentally mistype a domain name. Numerous recent Web security studies recommend that Internet users be more careful about their typing to avoid Web scams and being compromised by malicious sites. Researchers at the security consultancy Godai Group set up domain names that were variations of legitimate Websites belonging to Fortune 500 companies. Over the course of six months, the researchers collected more than 120,000 individual emails containing trade secrets, business invoices, employee personally identifiable information, system diagrams, usernames and passwords, the researchers said in a report released last week.
The domains used in the research were not misspelled; instead, the "dot" between the subdomain and the domain was left out of the address. For instance, Yahoo uses "mail.yahoo.com" for its mail service. A doppelganger domain would be "mailyahoo.com". An attacker can register the doppelganger domain and configure a mail server with a catch-all account that receives every message sent to that domain, regardless of the username the message is addressed to. People frequently mistype email addresses when sending messages, and attackers rely on this ordinary human error to collect sensitive information, the researchers wrote. "Essentially, a simple mistype of the target domain could send anything that is sent over email to an accidental destination," the authors wrote in the report.
About 30 percent, or 151, of the Fortune 500 companies the researchers analyzed were vulnerable to this type of man-in-the-mailbox attack, the report said. Researchers Peter Kim and Garrett Gee suggested that organizations register their own doppelganger domains as a defensive measure against these attacks. In particular, the researchers found that some of the major companies already had doppelganger domains registered to locations in China and to domains "connected with malware and phishing scams."
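The mechanism described above (dropping the dot between subdomain and domain) and the defensive registration the researchers suggest both start from the same list: the doppelganger candidates for every hostname an organization sends or receives mail on. The Python below is an added example, not code from the Godai Group report or from any of the companies studied. It builds that candidate list and then uses it to flag outbound recipient addresses whose domain is a doppelganger, which is the check an outbound mail gateway could apply. The hostnames and addresses are constructed for illustration, and the helper assumes a two-label registrable domain (example.com); hostnames under multi-label public suffixes such as .co.uk would need a public-suffix list.

```python
# Added example (not from the Godai Group report): build the doppelganger
# candidates for an organisation's mail-bearing hostnames, then use that set
# to flag outbound recipients whose domain is one of them.  Hostnames and
# addresses below are constructed for illustration.

from typing import Iterable, List, Optional, Set, Tuple


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of a hostname ('corp.example.com' ->
    'example.com').  Assumes a two-label registrable suffix; multi-label
    public suffixes such as .co.uk would need a public-suffix list."""
    labels = hostname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def doppelganger_candidates(hostnames: Iterable[str]) -> Set[str]:
    """For each hostname that has a subdomain, fuse the subdomain into the
    registrable domain by dropping the dot between them:
    'mail.yahoo.com' -> 'mailyahoo.com'.  Only the label directly left of the
    registrable domain is fused, because that is the dot whose omission yields
    a domain an outsider can actually register.  Deeper labels
    ('a.b.example.com' -> 'a.bexample.com') stay as subdomains of the fused
    name, which the attacker's catch-all would still receive."""
    candidates: Set[str] = set()
    for host in hostnames:
        labels = host.lower().strip(".").split(".")
        if len(labels) < 3:
            continue  # bare 'example.com': nothing to fuse
        sub, name, tld = labels[-3], labels[-2], labels[-1]
        candidates.add(f"{sub}{name}.{tld}")
    return candidates


def matching_doppelganger(address: str, candidates: Set[str]) -> Optional[str]:
    """Return the doppelganger domain an email address would be delivered to,
    or None if the address's registrable domain is not a known candidate.
    Subdomains of a candidate (e.g. 'hr.corpexample.com') also match, since
    whoever registered the candidate controls the whole zone."""
    _, at, domain = address.strip().rpartition("@")
    if not at or not domain:
        return None  # malformed address: nothing to look up
    reg = registrable_domain(domain)
    return reg if reg in candidates else None


def scan_outbound(recipients: Iterable[str],
                  candidates: Set[str]) -> List[Tuple[str, str]]:
    """Run the check over a batch of outbound recipient addresses and return
    (address, doppelganger_domain) pairs that should be held for review."""
    hits: List[Tuple[str, str]] = []
    for rcpt in recipients:
        hit = matching_doppelganger(rcpt, candidates)
        if hit:
            hits.append((rcpt, hit))
    return hits


# Constructed sample data: hostnames the organisation exchanges mail with,
# and a batch of outbound recipients, two of which have lost the dot.
LEGIT_HOSTS = ["mail.yahoo.com", "corp.example.com", "example.com"]
OUTBOUND = [
    "alice@mail.yahoo.com",      # correct address, passes
    "bob@mailyahoo.com",         # dot dropped, held
    "carol@Corp.Example.com",    # case differs but correct, passes
    "dave@hr.corpexample.com",   # subdomain of a doppelganger, held
    "malformed-no-at-sign",      # not an address, ignored
]

if __name__ == "__main__":
    cands = doppelganger_candidates(LEGIT_HOSTS)
    print("defensive registration list:", sorted(cands))
    for rcpt, dom in scan_outbound(OUTBOUND, cands):
        print(f"HOLD {rcpt}: registrable domain {dom} is a doppelganger")
```

The output of doppelganger_candidates doubles as the list to check against WHOIS before deciding what to register defensively; the researchers' finding that some candidates were already registered elsewhere is exactly the case this check would surface. Holding rather than silently dropping flagged mail matters, because a legitimate third party could own a fused name by coincidence.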