Mispelt Emails may Reach Cyber Criminals

By siliconindia   |   Wednesday, 14 September 2011, 00:09 IST
Printer Print Email Email
Bangalore: Security researchers have revealed that web users who unintentionally spell an e-mail address wrong may find their messages end up in the hands of cybercriminals. Scientists at the security consultancy Godai Group constituted a number of web domains that featured commonly misspelled names or those that were missing a dot in specific places, known as doppelganger domains. In six months, Peter Kim and Garret Gee collected over 120,000 emails featuring these spelling errors. Had the doppelganger domains not existed the messages equated to 20GB data,it would have been returned to the original sender. The scientist stated that many of these messages contained user names, passwords, and even details of corporate networks. The scientists wrote that the attacker would purchase the doppelganger domain and configure an email server as a catch-all account to receive all messages to that domain, regardless of the username that the message is addressed to.Some people often mistype email addresses while sending out messages, and attackers rely on this natural human error to collect sensitive information reported eWeek.com.