By ADuch -
Have you ever accidentally mistyped a recipient’s email address and sent information to the wrong person? If so, you may want to double check what you send and to whom you’re sending it.
In a recent post on gizmodo.com, two researchers were able to grab 20 gigabytes worth of data from Fortune 500 companies in a span of six months. The researchers set up doppelganger domains to mimic legitimate domains that belonged to Fortune 500 companies. Doppelganger domains are domains that are spelled almost identically to legitimate domains. Therefore, users are vulnerable to email interception when they mistype a recipient’s email address.
To test the vulnerability of a few Fortune 500 firms, the researchers set up 30 doppelganger accounts to see what they would receive. To their surprise, the accounts they set up attracted 120,000 emails over the six-month experiment. Within these emails, the researchers received employee usernames and passwords, trade secrets, employee personal data and contracts for business transactions.
Out of the 30 doppelganger accounts, only one firm noticed what was going on once the look-alike domain had been registered. Also, out of the 120,000 emails received, only two senders recognized their mistake.
As you can see, the two researchers were able to collect a large amount of valuable information in a short span of time. This information could be extremely harmful to an individual and/or company if an attacker got hold of it. Going forward, please be careful when sending out emails.
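As an added example that is not part of the original post, here is a hypothetical pre-send check in the spirit of that advice: it flags a recipient whose domain is one typo (or one dropped dot) away from a domain the organisation actually mails, so the message can be held before it lands at a doppelganger. The trusted-domain list and the sample addresses are constructed.

```python
"""Flag outgoing recipients whose domain is a near-miss of a trusted domain.

Hypothetical pre-send check for a mail client or outbound gateway.
The trusted-domain list and all addresses below are constructed.
"""

# Constructed list of domains the organisation legitimately mails.
TRUSTED_DOMAINS = {"example.com", "mail.example.com", "partner-corp.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # deletion
                           cur[j - 1] + 1,               # insertion
                           prev[j - 1] + (ca != cb)))    # substitution
        prev = cur
    return prev[-1]


def _normalise(domain: str) -> str:
    # Dropping dots catches the "missing dot" doppelganger (mail.example.com
    # vs mailexample.com), which is zero edits away once dots are removed.
    return domain.lower().replace(".", "")


def doppelganger_of(recipient: str, trusted=TRUSTED_DOMAINS, max_dist: int = 1):
    """Return the trusted domain a recipient's domain nearly matches, or None.

    An exact match is never flagged; a domain within max_dist edits of a
    trusted one (after dot normalisation) is reported as a likely typo.
    """
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in trusted:
        return None
    for good in trusted:
        if edit_distance(_normalise(domain), _normalise(good)) <= max_dist:
            return good
    return None


def check_recipients(recipients):
    """Map each suspicious recipient to the trusted domain it resembles."""
    flagged = {}
    for addr in recipients:
        hit = doppelganger_of(addr)
        if hit:
            flagged[addr] = hit
    return flagged


if __name__ == "__main__":
    # Constructed sample: one correct address, one dropped letter, one dropped dot.
    sample = ["alice@example.com", "bob@exmple.com", "carol@mailexample.com"]
    for addr, looks_like in check_recipients(sample).items():
        print(f"WARNING: {addr} looks like a mistyped {looks_like} address")
```

A real deployment would hold the message for user confirmation rather than just print, and would keep the trusted list in sync with the organisation's contact directory.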
For more on this story, follow gizmodo and their latest posts on Security:
http://gizmodo.com/5838708/how-researchers-stole-20-gb-of-e+mail-from-fortune-500-companies
