A List of Temporary Email Domains as a Threat Intelligence Source to Fight Typosquatting

A reliable cybersecurity system relies on robust and accurate threat intelligence. Sources that organizations often use are data feeds that provide a list of IP addresses and domain names. However, another data source that could prove valuable is a list of disposable email domains. A data feed that contains a list of fake email addresses could be a rich source of possible typosquatting domain names, among others.

What Are Typosquatting Domain Names?

Typosquatting occurs when domains that look similar to the official domain names of reputable and legitimate businesses and organizations are used abusively or even maliciously. Threat actors often misspell the domain name, so instead of gmail[.]com, you would see gmall[.]com. They can also use a different top-level domain (TLD) extension, turning wellsfargo[.]com into wellsfargo[.]xyz.

Because they resemble official domains so closely, typosquatting domains are often used successfully in cybercrime, particularly phishing and business email compromise (BEC). Victims tend to overlook the misspellings and believe the emails they receive come from the companies being imitated. A list of temporary email domains could reveal typosquatting domains, allowing organizations to strengthen protection against phishing.
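The two lookalike patterns described above (a misspelled name and a swapped TLD) can be checked against a disposable-domain feed as in the following added example, which is not part of the original article. The protected list, the feed entries other than the two quoted above, and all function names are constructed for illustration.

```python
"""Flag lookalikes of protected domains in a disposable-email domain feed."""
# Constructed sample data (assumptions, not taken from any real feed).
PROTECTED = ["gmail.com", "wellsfargo.com", "outlook.com"]
FEED = ["gmall[.]com", "wellsfargo[.]xyz", "gmail[.]com", "outlok[.]com",
        "mailbox-temp[.]net", " GMAI1.com "]

def refang(domain):
    """Normalise a feed entry: trim, lower-case, undo [.] defanging."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def edit_distance(a, b):
    """Optimal string alignment distance (Levenshtein plus adjacent swaps)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(entry, protected=PROTECTED, max_dist=1):
    """Return (kind, protected_domain) for a lookalike, else None."""
    domain = refang(entry)
    label, _, tld = domain.rpartition(".")  # naive split, no public-suffix list
    if not label or domain in protected:
        return None  # malformed entry, or the legitimate domain itself
    for target in protected:
        t_label, _, t_tld = target.rpartition(".")
        if label == t_label and tld != t_tld:
            return ("tld-swap", target)
        # A distance of 1 is noisy for very short brand labels; tune per brand.
        if 0 < edit_distance(label, t_label) <= max_dist:
            return ("misspelling", target)
    return None

def scan(feed=FEED, protected=PROTECTED):
    """Map each flagged feed entry (normalised) to its (kind, target) finding."""
    findings = ((refang(e), classify(e, protected)) for e in feed)
    return {domain: hit for domain, hit in findings if hit}

if __name__ == "__main__":
    for domain, (kind, target) in scan().items():
        print(f"{domain:<20} {kind:<12} imitates {target}")
```

Flagged entries are candidates for review or for a mail-filter watchlist, not verdicts: a one-character difference can also be an unrelated legitimate name.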

Typosquatting Domains Found on a List of Disposable Email Domains

Email Providers

Users of disposable email providers may want their email domains to look like the real deal. We found hundreds of domains on our list of fake email addresses that mimic popular email providers like Gmail, Yahoo, MSN, Hotmail, and Outlook.

  • Gmail: 193 disposable email domains are misspelled variations of gmail[.]com.
  • Yahoo: We found 20 fake email domains that imitate Yahoo and yahoo[.]com.
  • MSN: We saw 13 MSN lookalikes on our list of temporary email domains.
  • Hotmail: We found 35 temporary email domains that are typosquatting on Hotmail.
  • Outlook: We saw 26 disposable email domains mimicking Outlook.

Financial Sector

Companies in the financial sector are among the most imitated, so it's no surprise that we also found several typosquatting domain names on a list of temporary email domains. Here are some of them:

  • PayPal: We have seen several phishing attempts that abuse PayPal using a variety of typosquatting domains. On the particular list of disposable email domains we have, we saw three PayPal lookalike domains.
  • Banks: Banks are among the favorite targets of phishers. In one scheme, for example, they can send an email to account holders telling them their online accounts have been compromised, and they need to reset their passwords. Once a victim clicks the reset password link and provides the required information, his/her sensitive details are transmitted to the threat actors. The cybercriminals can then access the victim’s bank account or sell his/her personally identifiable information (PII) on the Dark Web. Our list of temporary email domains contains 124 domains that include the word “bank.” Plenty of phishing email addresses can be created using these email domains.

Other Typosquatting Domains  

Our list of fake email addresses also contains typosquatting domains with the following themes:

  • Coronavirus disease – 37 email domains
  • OneDrive – 8 email domains
  • Toyota – 29 email domains
  • Apple – 31 email domains
  • Walmart – 26 email domains

Email domains that are related to the COVID-19 pandemic can be used to spread disinformation or lure people into malicious e-commerce sites that sell fake health products. On the other hand, OneDrive, Toyota, Apple, and Walmart are popular brands with millions of customers. A portion of these customers falling victim to phishing campaigns would be lucrative for threat actors.

With thousands of temporary email domains detected, there could be more typosquatting domains that require scrutiny. These typosquatting email domains are just one reason why a list of disposable email domains is a valuable source of threat intelligence. Not only will such a list help detect typosquatting and prevent phishing, but it could also strengthen email security solutions and email verification strategies.