Typosquatter Used Misspelled Domains to Intercept Email, Claims $1 Million Lawsuit

Photo: pocius/Flickr

A man accused of typosquatting is being sued for $1 million by a law firm that alleges he set up a domain that mimics the law firm’s domain name. The firm says he did so in order to intercept email communications intended for its attorneys and staff.

Arthur Kenzie is being sued by Gioconda Law Group, which says that he set up email accounts under a doppelganger domain, GiocondoLaw.com, that is designed to catch email that is intended for the law firm’s domain, GiocondaLaw.com, if senders mistype the address.

The law firm claims that Kenzie has infringed its trademark and unlawfully intercepted its email, according to InfoWorld.

According to the complaint, Kenzie set up the domain on Jan. 19. The firm also asserts that clients or prospective clients “may attempt to contact our attorneys or staff using the Group’s e-mail address, and misspell the e-mail address as ‘@GiocondoloLaw.com’, which would then be intercepted by the unauthorized Registrant.”

According to the lawsuit, Kenzie also set up doppelganger domains to intercept mail intended for McDonald’s, MasterCard, NewsCorp and McAfee.

Last year, Kenzie purchased two doppelganger domains for defense contractor Lockheed Martin as well — LockheedMarton.com and LockheedMartun.com. Kenzie insisted he was just doing research in order to offer security services to the company.

In his defense, Kenzie claimed in arbitration that he was just doing what a group of researchers did last year when they revealed that they had siphoned 20GB of email from Fortune 500 companies by registering doppelganger domains that resembled the names of real company web sites. The researchers in that case, however, published a paper about their results to warn companies that they could be vulnerable to typosquatting techniques and did not attempt to sell security services to the affected companies.

An arbitration board found Kenzie’s assertion of innocence disingenuous saying the domains he registered were “confusingly similar” to the defense contractor’s and ordered him to give the domains to the Lockheed Martin.

Earlier this year, Kenzie also contacted security researcher HD Moore, chief security officer at Rapid7 and creator of the Metasploit security tool, and told him that he had obtained six email messages intended for Moore after setting up a doppelganger domain for Moore’s personal domain, digitaloffense.net. Kenzie allegedly offered to sell the doppelganger domain to Moore for $295 and, when Moore didn’t respond, sent him a message indicating that he planned to disclose on his blog that Moore had become a victim of typosquatting.