
Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!


Typo squatting and the doppelganger domain threat

Posted By: Thomas Shaw, 2:20pm Tuesday 04 October 2011

What could you do with 20GB of your competitor's sensitive email correspondence without anyone even noticing? Security researchers analysing the effect of doppelganger domain traffic belonging to Fortune 500 companies released a report in which they were able to collect 20GB of misaddressed email over a 6-month period.

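A doppelganger domain name is one that is spelled the same as the original but is missing the "." between the subdomain name, the qualified domain and/or the extension.

For example, you could set up a doppelganger domain name called "audrakeint.com" as opposed to the real email country prefix of "au.drakeint.com". Mail addressed with the dot left out is delivered to whoever controls the doppelganger domain, which is why the report describes the collected email as misaddressed.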

Off the top of my head, I can think of at least 5 other large brands with email subdomains you could attempt this passive attack against, including:

au.nestle.com
au.pwc.com
au.ey.com
au.unisys.com
au.westfield.com

But, let's get back to how this could affect online recruitment.

If you read the research findings, you will notice that some of the most popular keywords contained in these emails are: secret, private, userid, password, login, confidentiality, invoice, and yes... RESUME.

Who in your organisation is responsible for sending resumes to clients?
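One way to catch this kind of misaddressed mail before it leaves the organisation, as an added example that is not part of the original post: derive the dot-dropped form of each mail subdomain you or your clients use, then flag outbound recipients that match. The function names, the `registrable_labels` parameter and the sample addresses are assumptions made for illustration; the two-label default does not fit suffixes such as `.com.au`, where 3 should be passed.

```python
def doppelgangers(fqdn, registrable_labels=2):
    """Return the names formed by deleting one dot left of the registrable domain.

    registrable_labels is an assumption supplied by the caller: 2 for
    "drakeint.com", 3 for a name under a suffix such as "example.com.au".
    """
    labels = fqdn.lower().rstrip(".").split(".")
    subdomain_count = len(labels) - registrable_labels
    names = set()
    for i in range(max(subdomain_count, 0)):
        # Merge label i with the label to its right, i.e. drop one dot.
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        names.add(".".join(merged))
    return names


def flag_misaddressed(recipients, mail_domains, registrable_labels=2):
    """Return (recipient, intended_domain) pairs for doppelganger recipients."""
    lookalikes = {}
    for real in mail_domains:
        for fake in doppelgangers(real, registrable_labels):
            lookalikes[fake] = real
    hits = []
    for addr in recipients:
        domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
        if domain in lookalikes:
            hits.append((addr, lookalikes[domain]))
    return hits


# Mail subdomains to protect: the page's own example plus a reserved test name.
MAIL_DOMAINS = ["au.drakeint.com", "au.example.com"]

# Constructed outbound recipients (not real mailboxes).
SAMPLE_RECIPIENTS = [
    "hr@au.drakeint.com",   # correctly addressed
    "hr@audrakeint.com",    # dot dropped
    "Jobs@AUexample.com",   # dot dropped, mixed case
    "info@example.com",     # unrelated
]

if __name__ == "__main__":
    for addr, intended in flag_misaddressed(SAMPLE_RECIPIENTS, MAIL_DOMAINS):
        print(f"HOLD {addr}: did you mean a mailbox at {intended}?")
```

The same list of dot-dropped names is also the set to check for defensive registration.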



Article URL: http://www.recruitmentdirectory.com.au/Blog/typo-squatting-and-the-doppelganger-domain-threat-a437.html

Article Tags: security man in the middle recruitment security doppelganger domains domain names subdomains
