Doppelganger domain

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Citation bot at 22:33, 30 September 2022. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A doppelganger domain is a domain name spelled identically to a legitimate fully qualified domain name (FQDN) except that the dot between the host or subdomain label and the parent domain is missing. Such domains are registered for malicious purposes: anything addressed to the legitimate FQDN but typed without that dot is routed to the doppelganger instead.

Overview

Typosquatting's traditional attack vector is the web: a mistyped domain serves malware or a page that harvests credentials. Other vectors can also be leveraged, such as email and remote access services such as SSH, RDP and VPN, where a client connecting to the wrong host hands its credentials or data to the attacker. In a 2011 whitepaper on doppelganger domains, Godai Group demonstrated that by registering such domains and simply accepting the mail sent to them, numerous misaddressed emails can be harvested without the sender or the intended recipient noticing.[1]

Example

If a user's email address is "someone@finance.somecompany.example", the corresponding doppelganger domain is "financesomecompany.example". If a sender omits the dot after "finance" and addresses a message to someone@financesomecompany.example, it is delivered to whoever controls the doppelganger domain instead of to the legitimate user. Because the doppelganger's mail server accepts the message rather than rejecting it, the sender receives no bounce and has no indication that the mail went astray.
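The following Python script is an added example, not code from the article or from the Godai Group whitepaper. It generalises the example above: for each legitimate FQDN in a (constructed, hypothetical) inventory it enumerates every domain produced by dropping one interior dot, which is the list a defender would register or monitor, and it checks outbound recipient addresses against that list, which is the check a mail gateway could apply. The hostnames and addresses are made up for illustration.

```python
"""Enumerate doppelganger domains for an FQDN inventory and flag mail sent to them.

Added example; the hostnames and recipients below are constructed, not real.
"""
from __future__ import annotations

from typing import Iterable

# Constructed inventory of legitimate internal FQDNs (hypothetical names).
LEGIT_FQDNS = [
    "finance.somecompany.example",
    "mail.hr.somecompany.example",
]


def doppelganger_domains(fqdn: str) -> list[str]:
    """Return every domain formed by removing one dot from ``fqdn``.

    The final dot (before the top-level label) is never removed: collapsing
    it would change the TLD rather than produce a look-alike in the same
    namespace.  An FQDN with fewer than three labels has no interior dot
    between a host/subdomain and its parent, so it yields no candidates.
    """
    labels = fqdn.lower().strip(".").split(".")
    if len(labels) < 3:
        return []
    candidates = []
    # Dot i sits between labels[i] and labels[i+1]; skip the last dot.
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        candidates.append(".".join(merged))
    return candidates


def build_doppelganger_index(fqdns: Iterable[str]) -> dict[str, str]:
    """Map each doppelganger domain to the legitimate FQDN it impersonates."""
    index: dict[str, str] = {}
    for fqdn in fqdns:
        for candidate in doppelganger_domains(fqdn):
            # setdefault keeps the first legitimate owner if two FQDNs collide.
            index.setdefault(candidate, fqdn.lower().strip("."))
    return index


def check_recipient(address: str, index: dict[str, str]) -> str | None:
    """Return the legitimate FQDN a recipient was probably meant for.

    Returns None when the address is malformed or its domain is not a known
    doppelganger.  Comparison is case-insensitive and ignores a trailing dot.
    """
    if address.count("@") != 1:
        return None
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    return index.get(domain)


def flag_outbound(recipients: Iterable[str], index: dict[str, str]) -> list[tuple[str, str]]:
    """Return (recipient, intended_fqdn) pairs for recipients on doppelganger domains."""
    flagged = []
    for rcpt in recipients:
        intended = check_recipient(rcpt, index)
        if intended is not None:
            flagged.append((rcpt, intended))
    return flagged


if __name__ == "__main__":
    idx = build_doppelganger_index(LEGIT_FQDNS)
    print("Doppelganger domains to register or monitor:")
    for dg, legit in sorted(idx.items()):
        print(f"  {dg:32s} impersonates {legit}")

    # Constructed outbound recipient list: one correct address, one with the
    # dot after "finance" dropped, one unrelated external address.
    sample_recipients = [
        "someone@finance.somecompany.example",
        "someone@financesomecompany.example",
        "partner@othercorp.example",
    ]
    for rcpt, intended in flag_outbound(sample_recipients, idx):
        print(f"BLOCK {rcpt}: domain is a doppelganger of {intended}")
```

Running the script prints the two candidate domains for `mail.hr.somecompany.example` (`mailhr.somecompany.example` and `mail.hrsomecompany.example`) as well as `financesomecompany.example`, and flags only the second sample recipient. In practice the generated list is the set of names an organisation would register pre-emptively, and the recipient check is the rule an outbound mail filter would apply before a message leaves the network.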

References

  1. ^ "Doppelganger Domain whitepaper". Godai Group. 6 Sep 2011.