Watch Out....
Researchers have found that a dot missing in an email address could mean that messages end up in the hands of cyber thieves.
How is this done?
The cyber thieves create web domains that contain commonly mistyped names, and then they receive emails that would otherwise not be delivered. It was found that over a six-month period they received 20GB of data made up of 120,000 wrongly sent messages.
Why is this a security risk?
The intercepted correspondence contained user names, passwords, and details of corporate networks, which means that these cyber thieves could easily hack your accounts. Approximately 30% of the top 500 companies in the US were vulnerable to this security shortcoming, according to researchers Peter Kim and Garret Gee of the Godai Group.
Why does this happen?
The problem occurs because of the way organisations structure their email systems. Most have a single domain for their website; however, many use sub-domains for individual business units, regional offices or foreign subsidiaries. Dots or full stops are used to separate the words in that sub-domain. For example, a large American car manufacturing group may take carname.com as its corporate home but internally use us.carname.com for staff email. Usually, if an address is typed with one of the dots missing, i.e. uscarname.com, then the message is returned to its sender. However, by setting up similar doppelganger domains, the researchers were able to receive messages that would otherwise be bounced back.
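As an added example (not code from the research paper or this post), the sketch below shows how a mail administrator could derive the missing-dot look-alikes of their own sub-domains and flag outbound recipients that hit one. The function names, the `eu` sub-domain and the sample addresses are constructed for illustration, and the caller is assumed to supply the organisation's registered domain.

```python
def doppelganger_candidates(registered_domain, subdomains):
    """Map each missing-dot look-alike to the legitimate sub-domain it imitates.

    Only the dot directly in front of the registered domain matters: dropping
    it produces a name outside the organisation's own DNS zone, which anyone
    can register. Dropping a dot further left stays inside the zone.
    """
    registered_domain = registered_domain.lower().strip(".")
    suffix = "." + registered_domain
    candidates = {}
    for fqdn in subdomains:
        fqdn = fqdn.lower().strip(".")
        if not fqdn.endswith(suffix):
            continue  # not one of this organisation's sub-domains
        label = fqdn[: -len(suffix)].split(".")[-1]
        # us.carname.com -> uscarname.com
        candidates[label + registered_domain] = label + suffix
    return candidates


def flag_outbound(recipients, candidates):
    """Return (address, intended_domain) for recipients under a look-alike."""
    hits = []
    for address in recipients:
        domain = address.rsplit("@", 1)[-1].lower().strip(".")
        for lookalike, intended in candidates.items():
            if domain == lookalike or domain.endswith("." + lookalike):
                hits.append((address, intended))
                break
    return hits


if __name__ == "__main__":
    # Constructed sample data; carname.com is the post's own example name.
    zones = ["us.carname.com", "mail.eu.carname.com", "other.example"]
    watch = doppelganger_candidates("carname.com", zones)
    outbound = ["alice@us.carname.com", "bob@uscarname.com",
                "carol@mail.eucarname.com", "dave@carname.com"]
    for address, intended in flag_outbound(outbound, watch):
        print(f"{address}: look-alike of {intended}")
```

The resulting list can feed an outbound mail-gateway block rule or a check of which look-alike names are already registered by someone else.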
Further risk?
A smart attacker could disguise what they were doing by passing on the message to its correct recipient and relaying back any reply. With the cyber thieves acting as a middleman, the likelihood of more messages being mis-sent using the "reply" function increases. Further research by the investigators demonstrated that some cyber criminals may already be exploiting keyboard errors. A search uncovered many addresses resembling corporate sub-domains which were owned by individuals in China or linked to sites associated with malware or phishing.

Comments
Download the PDF
Just a note that you can view the research paper here:
http://files.godaigroup.net/doppelganger/Doppelganger.Domains.pdf
This has been published by the Godai Group - http://godaigroup.net/