We all use e-mail, as it is the quickest means of communication, today. However, while sending a mail do you verify the e-mail address you type in? A slightly misspelled e-mail ID can easily take your confidential mail to a stranger’s inbox, and in turn, misuse the content of your e-mail. Even while entering a website name in the web browser, a misspell can lead you to another domain. This incident in Internet space is known as Typosquatting or URL hijacking. A typosquatter registers multiple domain names that are very close to some other popular domains. For example, Goggle.
Typosquatters heavily bank upon the probability of typographical errors made by Internet users when typing a website or e-mail address. Such dubious domains that spell similar to reputed ones are called Doppelganger domains.
Companies often buy such typos or domains, to prevent misuse of typographical errors. To prove this, two researchers Peter Kim and Garrett Gee, who own a small information security firm called Godai Group, carried out a doppelganger experiment.They bought as many as 30 Internet domains that were similar to those of Fortune 500 companies. After six months,around 1,20,000 e-mails landed to their doppelganger addresses. These mails contained passwords, trade secrets, and personal information about employees of prestigious companies. One such e-mail carried complete details and access password for the external Cisco routers of a large IT consulting firm. Apart from business, technology, media, aerospace and even personal details including bank account information and credit card statements were intercepted.
Typing errors do happen and that too when you are pressed for time. So, the next time you type an e-mail ID or a web address, make sure you verify it before hitting the "Send" button. Additionally, you can save the addresses to your contacts to avoid any hurried slip-ups and consequential embarrassment.