By Max Clarke
Some 120,000 potentially sensitive emails intended for Fortune 500 companies have been intercepted by Sophos security researchers exploiting a simple typo, the company’s blog reveals.
By buying up domains similar to their targets’, attackers frequently receive messages from employees who inadvertently misspell the address. In six months, researchers Peter Kim and Garrett Gee received more than 120,000 emails equalling a staggering 20Gb of data. Among the hoard were company secrets, user login details and other sensitive information which could easily be used by attackers.
The practice, known as ‘typosquatting’, is not a new one, writes Mark Stockley on Sophos' blog, and so it is surprising to see how much personal data was inadvertently mis-sent to potential attackers by employees’ careless spelling.
To remedy the growing risk of fraud from this simple practice, Stockley recommends companies invest a small sum in buying up as many domains similar to theirs as possible, to prevent attackers from doing so. Using encrypted email and simply encouraging more attentive spelling will also help reduce risk.
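Attentive spelling can also be backed by a check at the outbound mail gateway. The sketch below is an added example, not code from the article or from Sophos: it flags recipients whose domain is one edit (including a swapped pair of letters) away from a domain the company really corresponds with. The allow-list `KNOWN_DOMAINS`, the function names and the sample addresses are all constructed assumptions.

```python
# Added example: flag outbound recipients whose domain is a near-miss of a
# known-good domain. All domains and addresses here are constructed samples.

KNOWN_DOMAINS = {"example.com", "partner-example.org"}  # assumption: maintained allow-list

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the most common typing slip ("exmaple").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def check_recipient(address: str, known=KNOWN_DOMAINS, max_distance: int = 1):
    """Return (verdict, matched_domain); verdict is 'ok', 'lookalike' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in known:
        return ("ok", domain)
    for good in sorted(known):
        if osa_distance(domain, good) <= max_distance:
            return ("lookalike", good)  # probably a typo of a real correspondent
    return ("unknown", None)            # unrelated domain, not judged here

def review_outbound(recipients):
    """Return (address, intended_domain) pairs that should be held for review."""
    held = []
    for rcpt in recipients:
        verdict, good = check_recipient(rcpt)
        if verdict == "lookalike":
            held.append((rcpt, good))
    return held

SAMPLE = [  # constructed recipient list
    "alice@example.com", "bob@exmaple.com", "carol@exampl.com",
    "dave@partner-example.org", "eve@unrelated.net",
]

if __name__ == "__main__":
    for rcpt, good in review_outbound(SAMPLE):
        print(f"HOLD {rcpt}: did you mean @{good}?")
```

The same distance function can be run over newly registered domain feeds to spot lookalikes of the company's own names that it has not bought.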