Emailing the Wrong Person Can Be Costly and Even Funny

Inspired by 'Another potential threat of Doppelganger domains'.

The original article is written by Kim Zetter.

Basically, this is the summary.


Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months.

A doppelganger domain situation happens when you try to send email to brandonteohno1@yahoo.com but instead send it to brandonteohno1@ahoo.com, or sometimes even brandonteohnol@yahoo.com.

The article says that when you send email to a wrong address on a doppelganger domain, you risk handing over confidential information, losing data and suffering a confidentiality breach, or something along those lines.

These researchers set up 30 doppelganger accounts for various firms and found that the accounts attracted 120,000 e-mails in the six-month testing period. The emails that came into these sites include such potentially valuable information as:
  • Full configuration details for the external Cisco routers of a large IT consulting firm, along with passwords for accessing the devices.
  • Passwords for obtaining full VPN access into the system that supports the major road tollways in a European country.
  • Lots of miscellaneous invoices, contracts and reports.

Mitigating Strategies (recommended by the white paper)

  • Purchase and register the Doppelganger Domains. On the external DNS, configure those domains to not resolve anywhere so that the sender receives a bounce notification.
  • Identify if attackers are already using a Doppelganger Domain against your company, and file a Uniform Domain Dispute Resolution Policy (UDRP) complaint if they are.
  • Internally configure the DNS to not resolve any Doppelganger Domains, even if your company does not own them. This will protect internal-only email from being accidentally sent to a Doppelganger Domain.
  • An alternative to configuring the internal DNS for Doppelganger Domains is to configure the mail server to not allow any outbound email destinations to Doppelganger Domains.
  • Communicate the attack vector to your internal users, customers and business partners. The more awareness they have on social engineering attacks, the less susceptible they will be.
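The DNS and mail-server mitigations above both depend on first knowing which doppelganger domains to block. The following Python script is an added example (not code from the article or the white paper) that generates candidate doppelganger domains for an organization's legitimate domains, builds a blocklist from them, flags outbound recipients whose domain is on that list, and emits the list in a form an MTA policy could consume. It goes slightly beyond the page's "ahoo.com" example by also covering dropped dots between subdomain labels ("us.example.com" becoming "usexample.com"), which is the other classic doppelganger pattern. The domain list and the recipient addresses are constructed sample data, and the Postfix transport-table output format is an assumption about the mail server in use.

```python
"""Generate doppelganger-domain candidates and check outbound recipients against them.

Added example for this post; the sample domains and addresses below are constructed.
"""

# Constructed sample: the domains this organization legitimately sends mail to/from.
LEGIT_DOMAINS = ["yahoo.com", "us.example.com"]


def missing_dot_variants(domain: str) -> set[str]:
    """Drop one dot at a time, except the dot before the TLD.

    'us.example.com' -> {'usexample.com'}; 'yahoo.com' -> set().
    """
    labels = domain.lower().split(".")
    variants = set()
    # Only dots between the non-TLD labels can be "forgotten" by a sender.
    for i in range(len(labels) - 2):
        merged = labels[: i] + [labels[i] + labels[i + 1]] + labels[i + 2 :]
        variants.add(".".join(merged))
    return variants


def dropped_char_variants(domain: str) -> set[str]:
    """Drop one character at a time from the name part (everything before the TLD).

    'yahoo.com' -> {'ahoo.com', 'yhoo.com', 'yaoo.com', 'yaho.com'}.
    """
    name, tld = domain.lower().rsplit(".", 1)
    variants = set()
    for i, ch in enumerate(name):
        if ch == ".":
            continue  # dots are handled by missing_dot_variants
        candidate = name[:i] + name[i + 1 :]
        if candidate and not candidate.startswith(".") and ".." not in candidate:
            variants.add(f"{candidate}.{tld}")
    return variants


def build_blocklist(domains: list[str]) -> set[str]:
    """Union of all variants, minus the real domains so they are never blocked."""
    block: set[str] = set()
    for d in domains:
        block |= missing_dot_variants(d)
        block |= dropped_char_variants(d)
    return block - {d.lower() for d in domains}


def check_outbound(recipients: list[str], blocklist: set[str]) -> list[str]:
    """Return the recipients whose domain is a doppelganger candidate.

    This is the check an outbound mail policy would run before accepting a message
    for delivery (the 'mail server does not allow outbound email to Doppelganger
    Domains' mitigation).
    """
    flagged = []
    for addr in recipients:
        domain = addr.rsplit("@", 1)[-1].strip().lower()
        if domain in blocklist:
            flagged.append(addr)
    return flagged


def as_postfix_transport(blocklist: set[str]) -> str:
    """Render the blocklist as a Postfix transport(5) table that rejects delivery.

    Assumption: Postfix is the MTA. Each line maps a domain to the 'error:' transport,
    so the sender gets a bounce instead of the message leaving the organization.
    """
    lines = [f"{d}\terror:doppelganger domain, delivery blocked" for d in sorted(blocklist)]
    return "\n".join(lines)


if __name__ == "__main__":
    blocklist = build_blocklist(LEGIT_DOMAINS)
    # Constructed outbound recipients: one correct, one typo'd domain, one dropped dot.
    outbound = ["alice@yahoo.com", "bob@ahoo.com", "carol@usexample.com"]
    print("Flagged:", check_outbound(outbound, blocklist))
    print(as_postfix_transport(blocklist))
```

The generated list is deliberately small (single dropped character or single dropped dot) because those are the mistakes a human sender actually makes; the same blocklist can be loaded into an internal DNS resolver as a non-resolving zone, which covers the DNS-based mitigation with no change to the generator.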