Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Typo squatting and the doppelganger domain threat

Posted By: Thomas Shaw, 2:20pm Tuesday 04 October 2011

What could you do with 20GB of your competitors sensitive email correspondence without anyone even noticing? A report released by security researchers analysing the effect of doppelganger domain traffic belonging to Fortune 500 companies was able to collect 20GB of misaddressed email over a 6 month period.

A doppelganger domain name is one that is spelled the same as the original, but missing the "." between the subdomain name, the qualified domain and/or the extension;

For example, you could setup a doppelganger domain name called "audrakeint.com" as opposed to the real email country prefix of "au.drakeint.com"

Off the top of my head, I can think of at least 5 other large brands with email subdomains you could attempt this passive attack against including

au.nestle.com

au.pwc.com

au.ey.com

au.unisys.com

au.westfield.com

But, let's get back to how this could affect online recruitment.

If you read the research findings, you will notice that some of the most popular keywords contained in these emails are - secret, private, userid, password, login, confidentiality, invoice, and yes.. RESUME

Who in your organisation is responsible for sending resumes to clients?

Article URL: http://www.recruitmentdirectory.com.au/Blog/typo-squatting-and-the-doppelganger-domain-threat-a437.html

Article Tags: security man in the middle recruitment security doppelganger domains domain names subdomains

Hide Comments (0)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

Back to Menu

Search Blog

RSS Feed

Random Blog Articles

Creating an Effective Social Media Strategy, Part 7 - Find Quality Followers to Engage, Don’t Worry About Numbers
Published: 3:07pm Sunday 16 August 2009

Workcircle launches Australian site
Published: 9:47pm Monday 22 December 2008

Sheelagh McKenzie Facebook Application
Published: 8:29pm Monday 01 December 2008

Job Board Statistics - March 2010
Published: 7:02pm Tuesday 06 April 2010

Can your job site translate HTML code?
Published: 6:48pm Sunday 04 October 2009

Latest Blog Articles

Silly mistakes

QR Codes in Print Job Ads

I don't care that you have more LinkedIn connections than me. You can buy them for $5

More jobs than SEEK?

Fail Whale. Phishing link love

if(candidate.experience.contains(it)) ++bonusPoints

For bonus points, apply using the API

"Attaging" with QR Codes - The security threat for mobile recruitment

SMS "Apply" to...

Typo squatting and the doppelganger domain threat

[1] 2 3 ... 44 Next

Newsletter Mailing List

Stay informed of current news, upcoming events and promotional offers.

Top 25 Most Influential

Article Calendar

September 2012 (1)
August 2012 (1)
April 2012 (3)
February 2012 (2)
October 2011 (3)
September 2011 (1)
July 2011 (2)
June 2011 (1)
May 2011 (2)
March 2011 (3)
February 2011 (4)
January 2011 (3)
December 2010 (6)
November 2010 (7)
October 2010 (5)
September 2010 (8)
August 2010 (7)
July 2010 (8)
June 2010 (9)
May 2010 (10)
April 2010 (14)
March 2010 (13)
February 2010 (10)
January 2010 (8)
December 2009 (12)
November 2009 (14)
October 2009 (17)
September 2009 (14)
August 2009 (20)
July 2009 (21)
June 2009 (24)
May 2009 (22)
April 2009 (17)
March 2009 (33)
February 2009 (23)
January 2009 (45)

Your Name:	* Required
Your Email Address:	* Required
Website URL:
Comments:	* Required

Enter the code you see in the image above (case sensitive). Click on the image to refresh it.

Home > Blog	Powered by RecruitmentZOO
Site Map \| Contact \| Privacy Policy \| Terms & Conditions
Copyright © 2007 - 2010 Recruitment Directory Pty Ltd