How’s your spelling?

12th September 2011

Did you know that making a simple spelling error or even missing a dot in an email address could mean that important information could be given to cyber thieves.

By creating websites with commonly mistyped names investigators received emails that would not normally be received neither addressed to them.
Over the period of 6 months 20GB of data was collected from over 120,000 wrongly sent messages. Some of the data collected included user names, passwords and details of corporate networks.

30% of the top 500 US companies were shown to be vulnerable to this common mistake.

This problems starts to happen when organisations set up their email systems with sub-domains. For example if a large American car sales business takes the domain carsales.com, it could use us.caresales.com internally for it’s staff emails.

Normally if the address is typed with a dot but is sent without a dot then it’s returned to the sender but if there has been a similar address set up by cyber thieves then they have the potential to gain personal information such as trade secrets, user names, passwords and employee information.

We hope you take this information into consideration next time your inputting an email address.

Comments are closed.