Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!
What could you do with 20GB of your competitors sensitive email correspondence without anyone even noticing? A report released by security researchers
analysing the effect of doppelganger domain traffic belonging to Fortune 500 companies was able to collect 20GB of misaddressed email over a 6 month period.
A doppelganger domain name is one that is spelled the same as the original, but missing the "." between the subdomain name, the qualified domain and/or the extension;
For example, you could setup a doppelganger domain name called "audrakeint.com" as opposed to the real email country prefix of "au.drakeint.com"
Off the top of my head, I can think of at least 5 other large brands with email subdomains you could attempt this passive attack against including
Article URL: http://www.recruitmentdirectory.com.au/Blog/typo-squatting-and-the-doppelganger-domain-threat-a437.html
Article Tags: security man in the middle recruitment security doppelganger domains domain names subdomains Hide Comments (0)
But, let's get back to how this could affect online recruitment.
If you read the research findings, you will notice that some of the most popular keywords contained in these emails are - secret, private, userid, password, login, confidentiality, invoice, and yes.. RESUME
Who in your organisation is responsible for sending resumes to clients?