"By creating web domains that contained commonly mistyped names, the investigators received emails that would otherwise not be delivered."
Well, I think I have now seen it all. A Doppelgänger Attack. What is a Doppelgänger, you might ask? Well, from my knowledge of music and Schubert amongst others, which you will find in the video attached, a Doppelgänger is
"a paranormal double of a living person, typically representing evil or misfortune. In the vernacular, the word has come to refer to any double or look-alike of a person." (source Wikipedia)
It is so simple, it is almost laughable! Just set up a domain based on commonly mistyped email addresses and, just like a fisherman trawls for fish, sit there and hey presto, you will net yourself a whole load of private and sensitive information.
When working on technical support help desks in the past, I wondered where all that rubbish email went. I knew that users made typing errors daily but always assumed that when an email did not reach the intended target, that email and its contents would be destroyed. How wrong I was!
So, what gets me is this - why are we being told this now? Why not warn us years ago? Maybe someone did say something about it but it was not major headline news. It should be major headline news.
I can safely guess that just about everybody who reads this blog or the internet in some way has at least one email address. I can safely guess that at some time, either their email address has been incorrectly spelt or they have spelt an email address incorrectly. Most users probably did not think about it and assumed that it just disappeared into cyberspace with all the other junk mail. I am afraid not.
How can this be avoided? It cannot. Most of your friends and family will know your email address or have it in their address book so there is no issue. But if one of their friends does not know your email address and spells it incorrectly what can you do?
It comes back to a safety first approach. If you are putting something in an email you would not want anyone else to read, DON'T! Email is not secure. Yahoo just recently announced, rather quietly, that they will be scanning your emails for marketing purposes. Go figure. We know Google with their email service keeps your email for up to a year after it has been sent.
You could go to the expense of setting up a private email domain in your home but that is not likely to happen. If you cannot communicate important information to another party via the phone or written letter, then I suggest downloading the free encryption software that is available and using it for those emails that you wish to remain private. The free encryption software can be found here:
GNUPG
There is a setup wizard and it takes a little configuration but once set up, it can be used manually or automatically by user choice. So, the next time you send an email that is important, check the spelling.
The Alternative Bollox.