Fraudsters can use typosquatting techniques to get their hands on data-filled emails that would otherwise not have been delivered, it has been reported.
According to Peter Kim and Garret Gee of the Godai Group, cyber thieves can get their hands on confidential information by registering web domains containing commonly mistyped names.
Over a six month period, the researchers received 20GB of data to their typosquatter email addresses – with many messages containing user names, passwords and details of corporate networks.
The researchers warned that up to a third of the top 500 US companies are susceptible to this security flaw.
Mr. Kim and Mr. Gee explained that the use of punctuation in email addresses, for the purposes of sub domains, is causing the problem.
If an employee, client or other individual misses out the punctuation mark from the address as they send an email, the message delivery should fail.
However, if the incorrect email address has been registered unscrupulously by a third party, the mail has a destination to arrive at.
“Doppelganger domains have a potent impact via email as attackers could gather information such as trade secrets, user names and passwords, and other employee information,” the researchers said.