A missing dot in an email address might mean messages end up in the hands of cyber thieves, researchers have found.
By creating web domains that contained commonly mistyped names, the investigators received emails that would otherwise not be delivered.
Over six months they grabbed 20GB of data made up of 120,000 wrongly sent messages. Some of the intercepted correspondence contained user names, passwords, and details of corporate networks.
The problem arises because of the way organisations set up their email systems. While most have a single domain for their website, many use sub-domains for individual business units, regional offices or foreign subsidiaries. Dots or full stops are used to separate the words in that sub domain. For example a large American financial group may take bank.com as its corporate home but internally use us.bank.com for staff email. Usually, if an address is typed with one of the dots missing, ie usbank.com, then the message is returned to its sender.
But by setting up similar doppelganger domains, the researchers were able to receive messages that would otherwise be bounced back. BBC news – tech section.
If your brand is your name I would encourage you to purchase misspellings. I have customers who have 3-4 misspelt domains. They do receive the occasional email on those spellings. I do realise you cannot cover all the typos – but you can cover the most important ones.
Bottom like never send important login passwords like bank account logins or other important passwords over emails full stop. It is very easy for hackers to get hold of these logins.
Also never use the same password for all your accounts. It is safer to have different passwords and also change your password once in two months or so.