A BBC Report has highlighted mis-spelled email addresses as a key factor in loss of sensitive data via email. Putting a dot in the wrong place or utilizing slight mis-spellings in domain names has presented a security loop hole for malicious attackers to use to steal data.
Many large organisations use multiple sub domains to divide their various divisions either by function or geographically. When using email addresses in this type of environment they can get pretty complex. For example bank.com might use the sub-domain us.bank.com as the email sub-domain for it’s US employees. So, John Smith might have an address like “firstname.lastname@example.org“. Data loss can occur when a user types the wrong email suffix, such as usbank.com. An email to this address would normally be bounced back to the sender with an error as the domain wouldn’t be recognized. It is however very easy for an attacker to set-up the wrongly spelled email domain, putting them in a position where they receive all email for that domain. Researchers have found that by doing this they managed to grab over 20GB of incorrectly addressed mail over a 6 month period. The data grabbed included personal details, usernames, passwords and a bevvy of other sensitive information.
This is a loop hole often ignored by companies, but one that is easily mitigated. By using an information classification tool such a the Boldon James Email Classifier product, organisations can not only categorized their emails by their level of sensitivity, they can also control what domains are allowed to receive emails from their employees. This is known as white-listing. If you would like to know more about email white-listing please contact me or contact Boldon James directly at www.boldonjames.com