
Dangers of Doppelganger Domains and Typosquatting

By: Absolute Team | 9/29/2011

Typosquatting, also known as URL hijacking, involves a cybersquatter (someone using a domain name in bad faith) sitting on domains that are very similar to a known website address. Common typing mistakes are what this kind of attack preys on, and they may lead unwary visitors to fake websites. Sometimes these fakes are obvious; other times they may put the Internet user at risk of cyber crime.

In some cases, typosquatting can lead to the interception of sensitive information. A Wired article recently examined researchers who set up doppelganger domains (almost identical domains but with a spelling error or missing dot in a subdomain) and were able to intercept sensitive information via e-mails sent to these incorrect addresses.

This example is part of research on the prevalence of doppelganger domains done by Kim Zetter and Garrett Gee, which showed that 30% of Fortune 500 companies were potentially vulnerable to having e-mail intercepted by similar schemes. The researchers also found evidence of potentially malicious typosquatting targeting these companies.

“Most of the [vulnerable companies] only had one or two subdomains,” Kim said. “But some of the large companies have 60 subdomains and could be really vulnerable.”

To mitigate the risks, companies should buy up any free doppelganger names available for their company, looking for common misspellings and dropped punctuation in subdomains. Companies can also configure their networks to block DNS lookups for the doppelganger domains and to block internal e-mails from employees that are incorrectly addressed to them.
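
The following example is added here and is not from the original article or the researchers. It shows one way to carry out the mitigation above for the dropped-dot case only: derive the doppelganger domain for each legitimate subdomain, then flag outbound e-mail recipients that land on one. It assumes a single-label public suffix, and every host name is constructed under the reserved `.example` TLD.

```python
# Added example: watch list of "missing dot" doppelganger domains.
# All host names are constructed and use the reserved .example TLD.

def doppelganger_for(fqdn, suffix_labels=1):
    """Domain an outsider could register by dropping the dot between a
    subdomain and the organisation label. Assumption: the public suffix is
    `suffix_labels` labels long (real code should use the Public Suffix List)."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < suffix_labels + 2:      # no subdomain, no dot to drop
        return None
    org = len(labels) - suffix_labels - 1    # index of the organisation label
    return ".".join([labels[org - 1] + labels[org]] + labels[org + 1:])

def build_watchlist(inventory):
    """Map each doppelganger domain to the legitimate hosts it shadows."""
    watch = {}
    for fqdn in inventory:
        bad = doppelganger_for(fqdn)
        if bad:
            watch.setdefault(bad, set()).add(fqdn.lower().rstrip("."))
    return watch

def flag_recipients(recipients, watch):
    """Return (address, doppelganger, intended hosts) for each recipient whose
    domain is a watched doppelganger or any host beneath it."""
    hits = []
    for addr in recipients:
        domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
        for bad, intended in watch.items():
            if domain == bad or domain.endswith("." + bad):
                hits.append((addr, bad, sorted(intended)))
    return hits

# Constructed inventory of legitimate hosts and outbound recipients.
INVENTORY = ["us.corp.example", "mail.us.corp.example",
             "fin.corp.example", "corp.example"]
RECIPIENTS = ["alice@us.corp.example", "bob@uscorp.example",
              "carol@mail.uscorp.example", "dave@fincorp.example",
              "eve@partner.example"]

if __name__ == "__main__":
    watch = build_watchlist(INVENTORY)
    for bad in sorted(watch):
        print("register or block:", bad, "shadows", sorted(watch[bad]))
    for addr, bad, intended in flag_recipients(RECIPIENTS, watch):
        print("hold:", addr, "-> did you mean", intended)
```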