Researchers get 20 GB of data taken from mistyped emails

Have you ever sent an email and later discovered that the email address was misspelled? You might think that email would just disappear and never be read by anyone. But according to a new Wired article, that may not be the case. Researchers from the Godai Group announced this week that they had established a number of doppelganger domains that were similar to the domains owned by real Fortune 500 companies. In just six months the group claims it received over 20 GB of data from emails that were accidentally sent to the doppelganger domains.

The domains that the Godai Group set up each had just one letter or character that differed from the legitimate domains. The emails that the group received as a result of the misspellings included sensitive information like passwords, legal documents, contracts, trade secrets, network security info and more. The group received over 120,000 e-mails in this manner from the 30 doppelganger domains it created. Only one of the companies discovered that the group had established such a domain and threatened the group with legal action if it didn't give up ownership of that address, which the group said it did.

The group didn't name the companies whose misspelled emails it had received via the domains it set up. However, it did say that 30 percent of all Fortune 500 companies are vulnerable to such actions. It also said that a number of large companies such as Dell, HP, Yahoo, Intel and others have had similar doppelganger domains purchased by registrants in China. The group recommends that large companies secure the doppelganger domains not currently in their possession. If someone else has already bought such a domain, the company can set up blocks that would prevent employees from sending emails to those domains.
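
One way to implement the outbound block recommended above, as an added example that is not from the article or the Godai Group: it holds mail whose recipient domain is exactly one character away from a domain the organisation really uses, which also covers a dropped dot between a subdomain and its parent. All domain and function names are constructed for illustration.

```python
# Added example: screen outbound recipients for doppelganger domains.
# Every domain below is a constructed placeholder, not taken from the article.

LEGIT_DOMAINS = {"example.com", "se.example.com", "mail.example.com"}


def one_edit_apart(a: str, b: str) -> bool:
    """True if a and b differ by exactly one inserted, deleted or changed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one character (e.g. a dot) missing from a


def doppelganger_of(recipient: str, legit=LEGIT_DOMAINS):
    """Return the legitimate domain this recipient's domain imitates, or None."""
    domain = recipient.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in legit:
        return None                      # exact match: a real company domain
    for real in sorted(legit):
        if one_edit_apart(domain, real):
            return real
    return None


def screen(recipients, legit=LEGIT_DOMAINS):
    """Map each suspicious recipient to the domain it was probably meant for."""
    hits = {}
    for rcpt in recipients:
        real = doppelganger_of(rcpt, legit)
        if real:
            hits[rcpt] = real
    return hits


if __name__ == "__main__":
    outbound = ["alice@se.example.com", "bob@seexample.com",
                "dave@example.org", "erin@examp1e.com"]   # constructed sample
    for rcpt, real in screen(outbound).items():
        print(f"HOLD {rcpt}: did you mean @{real}?")
```

A check like this would run in an outbound mail gateway or client-side send hook against the organisation's own domain inventory; transposed letters are two edits apart and are not caught by it.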

16 Comments

In related news, 20GB worth of sensitive emails have been published on file sharing and whistleblower websites in recent days......

dancedar said,
Don't people have auto complete for emails or are people still living in 2005/Hotmail?

Eh, Hotmail has auto-complete...

dancedar said,
Don't people have auto complete for emails or are people still living in 2005/Hotmail?

Does that work if you are sending a message to an email address you have not used before?

Too bad the author of this article did not go into details. The mistypes in that case were just dots,
so for example they registered seibm.com (in place of se.ibm.com), nothing more fancy than that, just removed dots

SHADOW-XIII said,
Too bad the author of this article did not go into details. The mistypes in that case were just dots,
so for example they registered seibm.com (in place of se.ibm.com), nothing more fancy than that, just removed dots

How much info do you want lol? He said they mistyped the email addresses, and that's what they did.

No need to criticise just for the hell of it.

Hardcore Til I Die said,

How much info do you want lol? He said they mistyped the email addresses, and that's what they did.

No need to criticise just for the hell of it.

I consider Neowin to be a more professional news page than bbc-like in the matter of IT information, so slight technical details are what would give (in my opinion) the edge over other news websites

SHADOW-XIII said,
I consider Neowin to be a more professional news page than bbc-like in the matter of IT information, so slight technical details are what would give (in my opinion) the edge over other news websites

I don't think the majority of people care about such minute details. What's the difference between sending email to "support@somewebsite.com" or "support@somewebstie.com" rather than "support@some.website.com" ? - none.

Ummm... sensitive information? S/MIME anyone? Really. Even if you send to internal domain recipients Security 101 says encrypt.

The register-every-possible-domain-which-may-look-like-yours idea is plain hilarious.

Yeah, I'm very careful about that. Check, and recheck, the Sender's name several times before sending, for 'important' emails.