Feeds

back to article Typo-squatting domains can harvest corporate emails

Typo-squatting domains might easily be used to intercept misdirected corporate emails, according to new research. Domain typo‐squatting has long been used as a means to expose butter-fingered users who accidentally misspell a legitimate domain to malware. So-called doppelganger domains take advantage of an omission instead of a …

COMMENTS

This topic is closed for new posts.
Facepalm

wouldn't encrypted email solve this ?

2
0
Thumb Down

@Curmu

I could in theory, but it won't in practice, because few will use encrypted emails and these users will only be able to talk to each other and not those who don't use encryption. Bit like asking everyone to learn and talk Esperanto, a great idea, but highly impractical. Also even if everyone did upgrade to compatible encryption, you then have the same problem with typo-squat domains issuing look alike crypto key identities, and even if you use DNSSEC to validate these domains and keys, the typo squat domains will still validate using a near identical chain. The fact that joe@micorsoft.com is a different identity to joe@microsoft.com will simply shift the problem of getting the email address right to one of getting the key identity right.

3
1
Silver badge

welcome to 1988

re: Cormu. Only if the encryption is very strong, and is unique to each email message, otherwise, once a senders encryption is broken, all of their future email is readable.

This has been an issue since 1988 or earlier. It also demonstrates that the extra text stuffed into every corporate email message admonishing recipients that if they weren't the intended recipient they have to report the receipt and delete the message... are a waste of time.

0
2

>This has been an issue since 1988 or earlier. I

Try 1944 or earlier - it's the method used to break Enigma & similar

>it also demonstrates that the extra text stuffed into every corporate email message admonishing recipients that if they weren't the intended recipient they have to report the receipt and delete the message... are a waste of time.

Yup - on both sides, in many different ways. But I won't open that can of worms (hah!) here, just acknowledge that it exists..

1
0

Does seem to be case of research proving the bleedin' obvious.

6
0
Anonymous Coward

Indeed

Yes, indeed. The company I used to work for ran a web site on a server which came with email reception switched on "for free". After running some tests with the MX records for one of the domain names we didn't normally use, I noticed e-mails of a distinclty legal and confidential variety arriving. Turns out that there is a law firm in London with a name composed of two surnames which are very similar to the surnames that made up our company name. There was a difference of only two characters being swapped. I killed the MX records and forwarded the emails to the correct recipient explaining what had happened and suggesting they might like to warn their clients to be more careful. They never replied.

1
0

Slow friday

in other news, I can open letters delivered to my house but not intended for me when sloppy senders use my address rather than some one elses.

5
0
Silver badge
FAIL

Had this happen to me once accidently

Picked a likely name for a blog, set up a site, all mail forward to my regular address.

First day got thousands of emails from servers all over the planet. Turns out some enterprise server backup vendor had mistyped the domain name to send the backup logs to in their example configuration. And end users were using it unmodified. Awkward.

0
0

Validation

In a corporate environment couldn't they just validate email addresses against a list of known addresses? Outlook, as in the one corporations like universities use, does this.

0
4
Anonymous Coward

I bought a domain with the same name as our local council, except that mine was the .org.uk and theirs was the .gov.uk - and discovered that some council employees did not know their own domain name. They even printed a booklet for council tenants with an email address repairs@ my domain so I started to get requests to go round and fix the odd dripping tap. (I did forward these on.)

0
0

Reminds me of my previous life in the aerospace industry.

Our company and their genius IT guys did what they could to keep the exchange servers online so it wasn't a surprise that our e-mails would always contain a disclaimer about the contents of the message and no delivery guarantee.

Now I can agree the masses won't use encrypted e-mail but for corporate america it's a no brainer. There is no guessing with delivery (even with un-encrypted e-mail) however it is possible for spam filters to get in the way of things.

There was no reason for us to use plain text or html e-mail. It also may of been helpful to have some shredders around and not use the waste can for e-mails we printed.

But I wasn't a decision maker and while im out of that world im sure it hasn't changed all that much. When things fall apart don't worry because SMB will take the blow while the big fish continue to muck up the waters.

0
0
Anonymous Coward

Sounds like a great idea...

Create a typo-squatter style domain and wait for first mis-addressed email to come in. Create a second typo-squatter domain very similar to that of the sender. Proceed as man-in-the-middle forwarding on the emails but 'from' your typo-squatter domains. The correspondents might send a whole series of emails before they twig what is happening. Mwahaha!

0
0
Bronze badge
Joke

Do I misunderstand,

because you seem to be describing sending forged e-mails back and forth only to yourself on your other false server... that can't be right, but it would account for the real people not noticing what you're doing! Until you yourself mistype and send to the real address...

0
2
Anonymous Coward

Seen it happen many times

We have typosquatters doing this with our web site addresses, email domains, and even having bogus ssh servers to catch out server admins (our internal network is routeable). The latter is no use to them though as we use 2-factor auth :).

With the email domains, our outbound gateway specifically catches the typo domains and auto-corrects them, re-routing the email to the correct place, preventing the opportunists from harvesting internal stuff at least.

Anon because, well, we like you to think we're secure.

0
0
FAIL

In other words...

...If you don't write the address properly, the email might go to somebody else!

/faints with surprise

1
0
This topic is closed for new posts.