Beware of Doppelganger domains when registering your web address


Registering a domain name for your business is often a challenging process. Not only have you got to think of a suitable name (which may or may not match your company name), you'll also need to consider how the domain will perform within the search engines, as domains rich with keywords often perform better than those containing no keywords at all. That means you'll have to research search volumes associated with your industry, and make a decision accordingly.

You'll also need to make sure that your domain name cannot be misconstrued or translated to mean something else which could be offensive to some users (if you fancy a laugh, check out this list of unfortunate domain names).

Finding a suitable domain name is difficult

Perhaps one of the most difficult stages of buying a domain name is actually registering it. It seems strange to say but an awful lot of domain names have been registered already - meaning you're going to have to come up with a pretty unique name in order to find one which hasn't yet been acquired. Of course, if you're set on a particular URL and you feel you have rights over it, you could always go down the legal route in order to acquire it. Beware, this could be costly.

Doppelganger Domains are another concern

A further point to consider, which has recently come to light, is that of 'Doppelganger domains'. Doppelganger domains are lookalike web addresses which can often go unnoticed by most until, of course, it's too late.

A recent study has identified that Doppelganger domains are being set up across the world in order to capture data which is sent to misspelt email addresses. The information collected includes usernames and passwords to 'secure' locations, as well as details of corporate networks.

How do Doppelganger domains collect data?

Let's say that you need to email your Bank Manager, Joe Bloggs, who works in the UK arm of the fictitious 'My Bank' organisation. You'd probably have to send your query to joe.bloggs@uk.mybank.com in order for him to receive it. However, were you to misspell the email address by omitting the '.' between the 'uk' and 'mybank' parts of the domain, you'd end up sending your enquiry to a completely different organisation ('UK My Bank') at the address joe.bloggs@ukmybank.com. See the difference?

If a Doppelganger domain does not exist, it's likely that your email will bounce and you'd receive notification from your server. You'd then be able to check the email address you typed in, amend it, and then resend to the correct recipient. However, should a Doppelganger domain exist, you would not receive a bounce, and any information you send in your email would then drop into the database behind the Doppelganger domain.

The value of data

Even if you haven't sent any passwords or usernames etc., the impersonators will have your email address and will more than likely have your name also. If they wanted to, they could sell this information without your knowledge or approval.

It is said that around 30% of the top 500 companies in the US were vulnerable to this type of security shortcoming. With that in mind, it's probably worth thinking about how your domain name might be misspelt so that you can buy up the misspelt domain names as well as your principal URL. That way, you're able to mitigate the risk which could lead to disgruntled customers and employees.
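As an added example (not part of the original article), the Python below works out the missing-dot lookalikes for the mail hosts you run, lists the domains worth registering defensively, and flags outgoing recipients that were typed with the dot missing. The function names, the 'us' host and the sample recipients are constructed for illustration; 'mybank.com' is the fictitious domain used above.

```python
def doppelganger_host(fqdn, registered):
    """Return the lookalike host made by omitting the dot in front of
    `registered`, or None if `fqdn` has no subdomain under it."""
    fqdn = fqdn.lower().rstrip(".")
    registered = registered.lower().rstrip(".")
    suffix = "." + registered
    if not fqdn.endswith(suffix):
        return None
    return fqdn[: -len(suffix)] + registered


def domains_to_register(hosts, registered):
    """Registrable lookalike domains worth buying alongside `registered`."""
    n = registered.count(".") + 1  # number of labels in the domain you own
    found = set()
    for host in hosts:
        twin = doppelganger_host(host, registered)
        if twin:
            found.add(".".join(twin.split(".")[-n:]))
    return sorted(found)


def misaddressed(recipients, hosts, registered):
    """Recipient addresses whose domain is a doppelganger of one of `hosts`."""
    twins = {doppelganger_host(h, registered) for h in hosts} - {None}
    return [r for r in recipients
            if r.rsplit("@", 1)[-1].lower().rstrip(".") in twins]


# Constructed sample data: hosts that receive mail, and outgoing recipients.
REGISTERED = "mybank.com"
HOSTS = ["uk.mybank.com", "mail.uk.mybank.com", "us.mybank.com", "mybank.com"]
RECIPIENTS = [
    "joe.bloggs@uk.mybank.com",   # correct address
    "joe.bloggs@ukmybank.com",    # dot omitted
    "jane@UsMyBank.com",          # dot omitted, mixed case
    "someone@example.org",        # unrelated
]

if __name__ == "__main__":
    print("Register:", domains_to_register(HOSTS, REGISTERED))
    print("Check before sending:", misaddressed(RECIPIENTS, HOSTS, REGISTERED))
```

The same recipient check can sit in an outbound mail filter so that a mistyped address is held for review instead of being delivered to whoever owns the lookalike.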
