Doppelganger domain
A doppelganger domain is a domain spelled identical to a legitimate fully qualified domain name (FQDN) but missing the dot between host/subdomain and domain, to be used for malicious purposes.
Overview[]
Typosquatting's traditional attack vector is through the web to distribute malware or harvest credentials. Other vectors such as email and remote access services such as SSH, RDP, and VPN also can be leveraged. In a whitepaper by Godai Group on doppelganger domains, they demonstrated that numerous emails can be harvested without anyone noticing.[1]
Example[]
If someone's email address is "someone@finance.somecompany.example", the doppelganger domain would be "financesomecompany.example". Hence, if someone is trying to send an email to that user and they forget the dot after "finance" (someone@financesomecompany.example), it would go to the doppelganger domain instead of the legitimate user.
See also[]
- Anticybersquatting Consumer Protection Act (ACPA)
- Domain Name System (DNS) – System to identify resources on a network
- Phishing – Act of attempting to acquire sensitive information by posing as a trustworthy entity
- Uniform Domain-Name Dispute-Resolution Policy (UDRP)
References[]
- ^ "Doppelganger Domain whitepaper". Godai Group. 6 Sep 2011.
External links[]
- "Researchers' Typosquatting Stole 20 GB of E-Mail From Fortune 500". Wired. 8 Sep 2011.
- "Bad spelling opens up security loophole". BBC. 12 Sep 2011.
 | This Internet-related article is a stub. You can help Wikipedia by . |
 | This malware-related article is a stub. You can help Wikipedia by . |
- Domain Name System
- Online advertising
- URL
- Network addressing
- Cybercrime
- Trademark law
- Nonstandard spelling
- Internet stubs
- Malware stubs