The word "doppelganger" is a German word meaning "double walker", but it has become more widely used to refer to any double or look-alike of a person, and now of domain names.
A doppelganger domain name is one that is spelled the same as the original but is missing the "." that separates the subdomain from the rest of the fully qualified domain name; e.g. auexample.com instead of au.example.com. A form of typosquatting, these names are registered for malicious purposes such as industrial espionage.
The strategy works on the premise that a small number of emails intended for a company will have the to: address mistyped. The doppelganger domain can also be used in social engineering exploits to dupe workers at a company into thinking that an email requesting sensitive information comes from someone within the company, and that the information is therefore safe to provide. "Man-in-the-MailBox" is the term used to describe such exploitation of the natural trust and relationship between certain people or organisations.
Research by San Francisco security company Godai Group found that 30% of Fortune 500 companies are vulnerable to doppelganger domains. Godai Group also uncovered potential active doppelganger domains that may be targeting some of the world's biggest brands.
"Attackers are already taking advantage of this vulnerability and they can be harvesting sensitive information from your company already," says Garrett Gee, founder of Godai Group.
Aside from raising awareness of the issue among staff, partners, suppliers and clients, Godai Group recommends registering potential doppelganger domain names so that no-one else can use them for nefarious purposes. The security firm also suggests companies attempt to identify existing doppelganger domains and take action through the Uniform Domain Dispute Resolution Policy (UDRP), with a view to having the registrants' rights to the name revoked.
For registrants of Australian domain names, the threat of a doppelganger scenario may not be so great, given the strict guidelines in place for registering names in the .au space.
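As an added example (not from Godai Group or the original article), the Python below derives the doppelganger name for each of an organisation's own hostnames, giving a list to register defensively, and flags outbound mail recipients addressed to one of them. The function names, the example.com hostnames and the recipient list are constructed assumptions, and the registrable domain is supplied by the caller rather than looked up.

```python
# Added example: hostnames and recipients below are constructed sample data.
HOSTS = ["au.example.com", "mail.us.example.com", "example.com"]
RECIPIENTS = [
    "alice@au.example.com",      # correctly typed
    "bob@auexample.com",         # dot dropped: doppelganger
    "carol@mail.usexample.com",  # host beneath a doppelganger
    "dave@example.org",          # unrelated domain
    "erin@AuExample.com",        # case differs, same doppelganger
]


def doppelganger(fqdn, registrable):
    """Return the registrable doppelganger of fqdn (au.example.com ->
    auexample.com), or None if fqdn is not a subdomain of `registrable`."""
    fqdn = fqdn.lower().rstrip(".")
    registrable = registrable.lower().rstrip(".")
    suffix = "." + registrable
    if not fqdn.endswith(suffix):
        return None  # bare domain or unrelated name: no dot to drop
    # Only the label next to the registrable domain fuses with it.
    last_label = fqdn[: -len(suffix)].split(".")[-1]
    return last_label + registrable if last_label else None


def watchlist(hosts, registrable):
    """Map each doppelganger name to the real hostname it imitates."""
    pairs = ((doppelganger(h, registrable), h) for h in hosts)
    return {dg: real for dg, real in pairs if dg}


def flag_recipients(recipients, watch):
    """Return (address, imitated_host) for every recipient whose domain is
    a watched doppelganger or a host beneath one."""
    hits = []
    for addr in recipients:
        domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
        for dg, real in watch.items():
            if domain == dg or domain.endswith("." + dg):
                hits.append((addr, real))
    return hits


if __name__ == "__main__":
    watch = watchlist(HOSTS, "example.com")
    print("Register or monitor:", sorted(watch))
    for addr, real in flag_recipients(RECIPIENTS, watch):
        print(f"{addr} was probably meant for a mailbox at {real}")
```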
A full whitepaper on the topic of doppelganger domains can be downloaded here (PDF).