'Doppelganger domains' threaten Fortune 500

Posted by Kate Taylor

Nearly a third of Fortune 500 companies have failed to receive emails because of a new type of so-called typo-squatting.

Researchers from security firm Godai Group say that over a six-month period, over 120,000 emails to the companies went astray.

Typo-squatting - whereby crooks register domain names very similar to those of legitimate companies and then sit back and wait for users to misspell them - has been around for years.

But what Godai Group calls Doppelganger domains are harder to spot, as they simply drop the dot between the host/subdomain and the domain.

Many large companies use a number of subdomains for communicating with regional offices. While a company might have company.com as its main domain name, for example, internal emails to the US office might go to us.company.com.

While mistyping would normally result in the message being bounced back to the sender, it goes through if a Doppelganger domain has been set up by somebody else.

"Attackers are already taking advantage of this vulnerability and they can be harvesting sensitive information from your company already," says Garrett Gee, founder of Godai Group.

"We want to bring awareness to companies so that they can further protect their information."

Godai says it was able to harvest data including user names and passwords, as well as a trove of trade secrets and other company information.

They found that a number of Doppelganger domains had already been registered, presumably by criminals. These included ausintel.com (instead of aus.intel.com), chndell.com and caibm.com.

Companies should register such domains themselves, says Godai.
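For a mail administrator, the dropped-dot pattern described above can be turned into a list of look-alike domains to register defensively and to watch for in outbound mail. The sketch below is an added example, not code from Godai Group; the function names and the sample subdomains and recipient addresses are constructed, and the registered domain is assumed to be supplied by the caller.

```python
def doppelgangers(subdomains, registered_domain):
    """Map each dot-dropped look-alike domain to the subdomain it imitates."""
    suffix = "." + registered_domain.lower().strip(".")
    lookalikes = {}
    for fqdn in subdomains:
        name = fqdn.lower().strip(".")
        if not name.endswith(suffix):
            continue  # the bare domain or an unrelated name: nothing to drop
        # Only the label next to the registered domain matters:
        # mail.aus.company.com is imitated by mail.auscompany.com, so the
        # domain someone would have to register is auscompany.com.
        label = name[: -len(suffix)].split(".")[-1]
        if label:
            lookalikes[label + suffix[1:]] = label + suffix
    return lookalikes


def misaddressed(recipients, lookalikes):
    """Return (address, intended subdomain) for mail sent to a look-alike."""
    hits = []
    for addr in recipients:
        domain = addr.rsplit("@", 1)[-1].lower().strip(".")
        for fake, real in lookalikes.items():
            if domain == fake or domain.endswith("." + fake):
                hits.append((addr, real))
    return hits


# Constructed sample data: the organisation's subdomains and outbound recipients.
SUBDOMAINS = ["us.company.com", "mail.aus.company.com", "company.com", "other.org"]
OUTBOUND = [
    "alice@us.company.com",
    "bob@uscompany.com",
    "carol@mail.auscompany.com",
    "dave@example.org",
]

if __name__ == "__main__":
    table = doppelgangers(SUBDOMAINS, "company.com")
    for fake, real in sorted(table.items()):
        print(f"register or monitor: {fake} (imitates {real})")
    for addr, real in misaddressed(OUTBOUND, table):
        print(f"outbound mail to {addr} was probably meant for {real}")
```
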