Researchers flag phony domains in e-mail security study

Nancy Owano


A paper released this week shows how an e-mail scoffing technique picks up personal employee information, company secrets and passwords almost effortlessly, simply by setting up a domain and an e-mail server. The researchers discovered that business invoices, employee personal identifying information, network diagrams, user names, passwords, and trade secrets were part of the treasure trove of e-mail information captured by phony domains set up for the experiment.

The paper is titled "Doppelganger Domains," and as its title suggests, the technique involves an e-mail address that at first glance looks identical to the real address but is missing a dot between subdomain and domain. While "typo-squatting" is nothing new, doppelganger domains are a troublesome variant, because the error involved is so easy to make and so hard to recognize at a glance. A missing dot, rather than a misspelling, can do considerable damage. As The Register phrased it, it is a case where "executive butterfingers get slurped by honeypots" just because the sender missed the dot between host/subdomain and domain. An attacker's "uscompany.com" versus the "correct" us.company.com is an example. Attackers could configure their email server to vacuum up email that was meant for the real domain but was mis-addressed to the doppelganger. Corporate giants are easy targets, with their heavy usage of email and the accompanying likelihood of mis-sent e-mails.
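An outbound-mail check for the missing-dot mistake described above, as an added example that is not part of the original article or the paper. It derives the dotless variants of an organization's own subdomains and flags recipients addressed to them; the function names and sample recipients are constructed, and a single-label top-level domain is assumed.

```python
def doppelgangers(fqdn, suffix_labels=1):
    """Return missing-dot variants, e.g. us.company.com -> {uscompany.com}.

    suffix_labels is the number of labels in the public suffix (assumed 1,
    as in ".com"); the dot in front of the suffix is never removed.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    variants = set()
    for i in range(len(labels) - suffix_labels - 1):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.add(".".join(merged))
    return variants


def build_watchlist(legit_domains):
    """Map each doppelganger domain to the legitimate domain it imitates."""
    legit = {d.lower().rstrip(".") for d in legit_domains}
    watch = {}
    for domain in sorted(legit):
        for variant in doppelgangers(domain):
            if variant not in legit:  # never flag a domain we really own
                watch[variant] = domain
    return watch


def check_recipients(recipients, watch):
    """Return (address, intended_domain) for recipients on the watchlist."""
    hits = []
    for addr in recipients:
        domain = addr.rpartition("@")[2].strip().lower().rstrip(".")
        if domain in watch:
            hits.append((addr, watch[domain]))
    return hits


# Constructed sample data using the article's illustrative domain.
LEGIT = ["company.com", "us.company.com", "ru.company.com"]
OUTBOUND = [
    "alice@us.company.com",   # correct
    "bob@uscompany.com",      # dot dropped
    "carol@example.org",      # unrelated
    "dave@RUcompany.com",     # dot dropped, mixed case
]

if __name__ == "__main__":
    for addr, intended in check_recipients(OUTBOUND, build_watchlist(LEGIT)):
        print(f"HOLD {addr}: did you mean @{intended}?")
```

The same watchlist can feed a mail-gateway block rule or a list of domains to register defensively.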
