Researchers have discovered a security loophole created by a missing dot in an email address.
It seems hackers can gain valuable information from companies online simply by taking advantage of typing errors. When an email address is mistyped, a hacker can receive valuable information such as user names, passwords, and other corporate information, even though the message was never meant for them. The malicious domains that make this possible are called “Doppelganger Domains”, and they are being used to create loopholes that leave companies vulnerable to identity theft.
A Doppelganger Domain resembles an existing domain or sub-domain, except that a dot is missing from the URL. Despite the difference, Doppelganger Domains can receive information that would otherwise not be delivered. The process is quite simple. The person responsible buys a domain that resembles a company's actual domain. This is called “Typosquatting”. The owner of the Doppelganger Domain can then configure an email server to receive all email addressed to that domain, regardless of its lack of authenticity. This type of configuration is called a “Catch-all Email Account.”
What makes companies especially susceptible to this loophole is the way their email systems are set up. Though most have a single domain for their website, many use sub-domains for individual business units, regional offices or foreign subsidiaries. Dots are used to separate the words in those sub-domains. For example, a company could have “bank.com” as its main domain and “uk.bank.com” as the sub-domain for one of its branches. To create a Doppelganger Domain resembling that of the company, one only needs to type one of the sub-domains without the dot. For example, ukbank.com.
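For a defender, the same dot-dropping rule can be applied to the company's own sub-domain list to spot outbound mail that has already gone to a look-alike. The script below is an added example, not code from the researchers; the sub-domain inventory and the Postfix-style log lines are constructed for illustration.

```python
import re

# Constructed inventory: the page's bank.com example plus one deeper sub-domain.
REGISTRABLE = "bank.com"
SUBDOMAINS = ["uk.bank.com", "mail.hr.bank.com", "www.example.org"]

# Constructed outbound mail log lines (Postfix-style "to=<...>" field).
LOG = [
    "Oct 01 09:12:01 mx1 smtp[101]: A1: to=<j.smith@uk.bank.com>, status=sent",
    "Oct 01 09:13:44 mx1 smtp[102]: A2: to=<j.smith@ukbank.com>, status=sent",
    "Oct 01 09:15:09 mx1 smtp[103]: A3: to=<payroll@mail.hrbank.com>, status=sent",
    "Oct 01 09:16:30 mx1 smtp[104]: A4: to=<info@example.org>, status=sent",
]

RCPT_RE = re.compile(r"to=<[^@<>\s]+@([A-Za-z0-9.-]+)>")


def doppelgangers(subdomains, registrable):
    """Map each dot-dropped look-alike domain to the real sub-domain it imitates."""
    suffix = "." + registrable
    out = {}
    for fqdn in subdomains:
        fqdn = fqdn.lower().rstrip(".")
        if not fqdn.endswith(suffix):
            continue  # not one of the organisation's sub-domains
        labels = fqdn[: -len(suffix)].split(".")
        # Dropping the dot before the registrable domain yields a domain that
        # an outsider could register: uk.bank.com -> ukbank.com
        out[labels[-1] + registrable] = fqdn
    return out


def flag_misaddressed(log_lines, lookalikes):
    """Return (line number, recipient domain, intended sub-domain) per hit."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for dom in RCPT_RE.findall(line):
            dom = dom.lower().rstrip(".")
            for fake, real in lookalikes.items():
                # A catch-all server on the look-alike also accepts its sub-domains.
                if dom == fake or dom.endswith("." + fake):
                    hits.append((n, dom, real))
    return hits


if __name__ == "__main__":
    for hit in flag_misaddressed(LOG, doppelgangers(SUBDOMAINS, REGISTRABLE)):
        print("line %d: mail to %s, probably meant for %s" % hit)
```

The generated list can also feed an outbound mail block rule or a check of whether those names are registered; a look-alike may belong to an unrelated legitimate organisation, so hits need review before any action.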
If it all still sounds too good to be true, researchers Peter Kim and Garrett Gee of GodaiGroup have recently proven this by setting up their own Doppelganger Domain to send and receive information with each Fortune 500 company. Shockingly, one Doppelganger Domain gained 20GB of data from 120,000 wrongly sent messages over a period of six months. From this, researchers have determined that about 30% of the top 500 companies in the US were vulnerable to this security shortcoming.
This is just the tip of the iceberg. The owner of the Doppelganger Domain can also send replies between the recipient and sender to gain more valuable information. By acting as a middleman, the owner of the domain can create a malicious network to draw in more valuable information from several companies until they are exposed. The sky is the limit with this type of email fraud.
If you want to learn more about the email loophole, you can read Peter Kim and Garrett Gee's research paper here.