Spelling mistakes can lead to online security breaches

[socrates]

If you have a friend with a very complicated email address or even just a name you frequently misspell like mine, you have to be extra careful when typing out their addresses when you send them an email. Researchers have found that cyber thieves create commonly misspelled domains and usernames for email addresses. What this means is when you make a mistake in spelling the name of the intended recipient's email address, it could end up in the inbox of a cyber thief instead of just bouncing back to you. Investigators looking into this have grabbed 20GB from over 1,20,000 wrongly sent emails in the past six months. Of course, some of the intercepted emails contained private information like usernames and passwords, as well as private corporate information.
Usually, it's companies that fall victim to this practice. When a company has one domain for their website and multiple domains for their individual business units, they tend to differentiate between domains with the use of dots. So for instance, a multinational television company in the US would have the email address us.company.com, while in India they might have company.india.com. If a sender messes up the placement of the dots and the order of the words, chances are, the email will end up in the hands of thieves.


Some attackers that are actually clever will go unnoticed by being a middle man. The obvious way such a practice would be caught would be that recipients keep reporting that they're not receiving emails intended for them, but senders aren't getting emails bounced back. A clever thief would actually forward on the email to its intended sender. Of course, this means, that when the recipient hits reply and an email chain starts, that's more information that a thief receives. Mark Stockley wrote on the Sophos security firm's blog, "A determined attacker with a modest budget could easily afford to buy domains covering a vast range of organisations and typos."
http://tech2.in.com/news/web-service...reaches/240462

[suyash_123]

Quote:

Originally Posted by socrates

If you have a friend with a very complicated email address or even just a name you frequently misspell like mine, you have to be extra careful when typing out their addresses when you send them an email. Researchers have found that ..................

Spelling mistakes can lead to online security breaches

thanks Buddy thanks For Info!!!

[JojoTheDragon]

Well, this is common. Sometimes when we mistype an URL, it takes us to a crappy site and these crappy sites often have "domain for sale" written in big letters.

[KDroid]

Thanx. But this is no NEWS!

This should have been posted in the Community Discussions.

[thetechfreak]

Looks like lately you have started to spam this section with MULTIPLE threads each day with news like- Microsoft Server Down,etc

Please stop this. Post only usefull News.

[socrates]

Quote:

Originally Posted by thetechfreak

Looks like lately you have started to spam this section with MULTIPLE threads each day with news like- Microsoft Server Down,etc

Please stop this. Post only usefull News.

I think you are referring to 'Microsoft's Hotmail, other cloud services go offline due to a technical snag'. I posted that as I thought it might be useful to some who use that service, also it brings to mind the robustness of 'cloud' services in general. Seems you don't use that service hence find it irrelevant. Strange there are no complaints on that thread. Also I don't think there is any restriction on how threads/posts one can make AND whatever I post here is because I think it might be useful to some member, of course it cant satisfy all. Even this thread where some have commented that its old news etc will be surprised how many 'experts' exist on the internet who 'know a lot' about security AND still fall prey to some of the most basic tricks. I should know as being in that line I have to then help these people so I think these type of warnings which may seem like crap to some can be v useful to some others.

BTW If you think something is irrelevant please complain to the admin. Let them decide.

[Vyom]

You have given us something to ponder upon.
It's amazing in how many ways, can data be lost in Cyber world!
Thanks for the heads up!

[socrates]

A pvt bank comes to my mind where it uses abcbank.com for its email bank statements & abcbank.net for marketing emails. In the past they used to use only the .net domain for everything then started using the .com domain, giving the .net domain a rest for a few years then started using the .net domain along with the .com Even though there are no spelling mistakes in this case it does muddy the waters & creates confusion in the minds of customers who do check all these parameters, one wonders why they need two domains? The best joke is they regularly send emails warning customers about phishing attacks & other net scams.