Skip to main content

Mis-placed sensitive emails 'hoovered up' in doppleganger domains experiment

Rachel Wheeler Archive
The potential for lax online address verification to lead to the mistaken publication of secure and sensitive information has been laid bare by a security think tank.

Researchers from Godai Group claims to have intercepted 20GB worth of wrongly addressed email over a six-month period, having set up domains to mimic those of Fortune 500 companies.

Employee usernames, passwords and other security information was among the haul of sensitive data collected in the investigation, the results of which are outlined in a white paper from the think tank.

The findings suggest that nearly a third (31 per cent) of Fortune 500 companies are vulnerable to being targeted in this way.

Authors note: "Doppelganger domains have a potent impact via email as attackers could gather information such as trade secrets, user names and passwords, and other employee information.

"In large corporations, email usage is extremely high which dramatically increases the likelihood of mis-sent emails and data leakage."

Posted by Rachel Wheeler