Typosquatting turns to e-mail

At a Black Hat conference presentation in early August, Oliver Friedrichs from Symantec remarked on the underappreciated threat to e-mail posed by typosquatting domains. Typosquatting domains are common mis-spellings brand names that are generally registered to present advertising the web traffic mistakenly visiting those domains.  And typosquatting domains are often used in phishing schemes.  

Friedrichs highlighted a domain that was a typo of a major defense contractor's main domain name and was registered in China.  This typosquatted domain had no Web page, but it could receive e-mail. So errant e-mails intended for a defense contractor could be ending up in the hands of foreign competitors or industrial spies.

The implication for financial institutions and online businesses is similar.  By registering typosquatting domains, criminals can easily capture e-mail that is intended for your company, but has been mis-addressed due to a typing error. While most often that mail will be innocuous, there will be times when these errant e-mails contain confidential client or business information that in the wrong hands could cause your business harm.

The response to this threat is actually pretty simple.  This e-mail threat is another reason to protect the area "around" your domain name.   By registering the top 100 to 500 most common typographical variants of your main business domain(s), you can buy a cheap and effective defense against typosquatting crime.