Typosquatting: Who is REALLY reading that email you just sent?

Kordel

Wired magazine recently reported that researchers at the Godai Group collected over 20GB of highly confidential and crucial information from various Fortune 500 companies, through the simple (and dastardly) technique of “TypoSquatting”.

TypoSquatting is a very basic type of exploit, that can easily be run by the most novice of hackers. It employes a “doppelganger” domain (that is, a domain that is almost identical to the target domain, but differs in extremely minor ways) to catch emails and/or web traffic that was mistyped. Effective attacks make particular use of common misspellings, extremely long domain names, and other commonly “typo’d” domains. A few examples would be “e v erlysystems.com” for this website, or perhaps “ya j oo.com’ for a major search provider.

Execution of the attack is extremely simple – the attacker establishes the domain, creates a catch-all email account, and sits and waits (for months, years, or indefinitely) as emails come wandering in from users who simply mis-typed or mis-spelled their intended recipient. As a result, confidential conversations, trade secrets, sensitive documents, or even user credentials can be gathered and stored, with little or no interaction on the hackers part. A simple search of the collected emails can yield extremely valuable and volatile information!

I have personally experienced an even more aggressive type of attack (and more commonly known), called “Phishing”. Phishing can be accomplished many ways, but in this particular instance, the attacker combined Phishing with a Doppelganger domain, to make it appear as if a legitimate company and employee had intentionally placed a large order with a client of mine. Clicking the provided link in the persons signature took me to the company website, which was in perfect order, contained real, current information and employee profiles, and was even verifiable through the Better Business Bureau and online searches. However, careful inspection of the email revealed the attack. A barely noticeable swap of an “i” and “e” in the email address’s domain name disguised a clever ruse to defraud – copying the Sent From email domain (not the one included in the signature’s link) took you to a totally separate, “under construction’ dead-end. Replying to that email, and ESPECIALLY conducting business with the individual on the other end, would have ended badly for!

To sharpen the point, consider these details from Wired’s write-up…

“The e-mails they collected included one that listed the full configuration details for the external Cisco routers of a large IT consulting firm, along with passwords for accessing the devices. Another e-mail going to a company outside the U.S. that manages motorway toll systems provided information for obtaining full VPN access into the system that supports the road tollways. The e-mail included information about the VPN software, usernames, and passwords.

The researchers also collected an assortment of invoices, contracts and reports in their stash. One e-mail contained contracts for oil barrel sales from the Middle East to large oil firms; another contained a daily report from a large oil firm detailing the contents of all of its tankers that day.

A third e-mail included ECOLAB reports for a popular restaurant, including information about problems the restaurant was having with mice. ECOLAB is a Minnesota-based firm that provides sanitizing and food safety products and services to companies.”

So… take notice. Whenever possible, don’t hand-type that important email address. Instead, be sure to “reply’ to the senders message. If you HAVE to type it, double and triple check it against the persons business card, website, or other published source. If you must send sensitive information, always send a probing email without any sensitive data – a savvy user will understand why you sent a simple “Hi Bob, is this the best address to use?” before you send over that important item.

In-the-Field Device Management: Why It Matters for Your Business

By Guest Blogger December 9, 2025
Why Device Management Is Critical

SECURITY NOTICE: Calendar Phishing - A New Way Hackers Try to Trick You

November 25, 2025
What Is Calendar Phishing?

Cybersecurity Hygiene 101: What Every SMB Should Be Doing

November 4, 2025
Why Cybersecurity Hygiene Matters for SMBs

Leading with AI: How SMBs Can Leverage Artificial Intelligence to Strengthen Every Critical IT Role

October 28, 2025
Why Leading with AI Matters for Small and Medium-Sized Businesses

SECURITY NOTICE: Fake CAPTCHA

October 10, 2025
Fake CAPTCHA Sites Hijack Clipboard to Install Malware

SECURITY NOTICE: Business Email Compromise

October 10, 2025
Understanding Business Email Compromise (BEC)

The Cyber Cold War: How Global Tensions Are Reshaping the Digital Battlefield

By Kordel Eberly August 17, 2025
Welcome to the Cyber Cold War
fish hook

Catching the Big Phish

By Eberly Systems September 20, 2024
We're all in the same boat trying to avoid cybercrime! Here's our top ways to identify a potential phishing attempt.

Key Notes from the Security Team: Q3 2024

By Eberly Systems September 10, 2024
Focus on integrating with new team members and new customers

Key Notes from the Security Team: Q2 2024

By Eberly Systems July 9, 2024
Keeping you abreast of security news