New security issue: typo-squatting

Malware, phishing, pharming, typo-squatting, etc. There’s a long list of security issues we have to deal with every day. Keeping track of these and responding correctly in each case is a veritable minefield. That’s after our newly updated anti-virus app has completely missed the threat.

Typo-squatting is the well-known practice of serving up scams or threats via sites whose names the user has misspelled, i.e. the user enters www.drell.com instead of www.dell.com and is sent to an infected web site. There has now been a move to translate this into the realm of email. It consists of using so-called “doppelganger domains” and mail servers to intercept emails sent to them by mistake.

So you send an email to user@zadomain.com when you meant to send it to user@za.domain.com. There is a registered domain for zadomain.com with an email server waiting for your email. All email can now be harvested by the ‘fake’ server and used for nefarious purposes.

Further on from this scenario, attackers can now also execute Man-In-The-Middle (or should I say Man-In-The-Mailbox) attacks by forwarding the received email on to the correct address. The recipient replies (without checking the Reply-To address) and the attacker now receives the response.
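The two failure modes above (mail addressed to a dot-dropped variant of your own domain, and a reply steered back to the doppelganger by its Reply-To header) are both simple to check for at a mail gateway. The following is an added example, not code from the original post or from Godai Group: it generates the dot-dropped variants of an organisation's own dotted domains, flags outbound recipients that match one, and tests whether a message's Reply-To domain differs from its From domain. The domains, addresses and message below are constructed samples.

```python
"""Added example (not from the original post): flag outbound mail addressed to
'doppelganger' variants of our own dotted domains, and spot messages whose
Reply-To domain differs from the From domain. All domains and messages here
are constructed samples, not real organisations."""
import email
from email import policy
from email.utils import parseaddr


def doppelganger_variants(domain: str) -> set:
    """Return the dot-dropped variants of a dotted domain.

    za.domain.com -> {'zadomain.com'}: the dot between two labels is removed.
    Only dots left of the registrable domain are dropped; the final two
    labels (domain.com) are never merged, since that would change the TLD.
    """
    labels = domain.lower().split(".")
    variants = set()
    # Drop one dot at a time, never the one directly before the TLD.
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.add(".".join(merged))
    return variants


def flag_outbound(recipients, own_domains):
    """Return (address, legitimate_domain) pairs for recipients whose domain
    is a doppelganger of one of our own domains."""
    lookup = {}
    for own in own_domains:
        for variant in doppelganger_variants(own):
            lookup[variant] = own.lower()
    flagged = []
    for rcpt in recipients:
        _, addr = parseaddr(rcpt)
        dom = addr.rpartition("@")[2].lower()
        if dom in lookup:
            flagged.append((addr, lookup[dom]))
    return flagged


def reply_to_mismatch(raw_message: str) -> bool:
    """True when the message carries a Reply-To whose domain differs from the
    From domain, the tell-tale of the forwarded 'Man-In-The-Mailbox' reply."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", from_addr)))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = reply_addr.rpartition("@")[2].lower()
    return bool(reply_dom) and reply_dom != from_dom


# Constructed sample data (hypothetical domains).
OWN_DOMAINS = ["za.domain.com", "mail.eu.domain.com"]
OUTBOUND = ["alice@zadomain.com", "bob@za.domain.com", "carol@maileu.domain.com"]

# Constructed sample message: an intercepted mail forwarded on, with the
# Reply-To steering the answer back to the doppelganger mailbox.
SAMPLE_MSG = """From: user@za.domain.com
To: partner@example.org
Reply-To: user@zadomain.com
Subject: Re: contract

(forwarded body)
"""

if __name__ == "__main__":
    print(flag_outbound(OUTBOUND, OWN_DOMAINS))
    print(reply_to_mismatch(SAMPLE_MSG))
```

In practice the variant list feeds an outbound mail rule (block or quarantine mail to those domains) and a registration or MX-record watch, and the Reply-To check is applied to inbound mail that claims to come from your own domain.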

Some researchers from Godai Group have also pointed out that these kinds of attacks have probably been underway for a while. A number of doppelganger domains have already been set up by individuals that – judging by the domain registrant email information – are mostly (if not all) based in China.

But the worst part of it is that even though companies are aware that typo-squatting can present a big problem, only one of the 30 companies for which the researchers set up doppelganger domains noticed them doing it and reacted appropriately. Approximately 151 out of the TOP 500 are susceptible to these attacks.

Time to be even more vigilant …