What is typosquatting? A simple but effective attack technique

Typosquatting definition

A typosquatting attack, also known as URL hijacking, a sting site, or a fake URL, is a form of social engineering in which threat actors impersonate legitimate domains for malicious purposes such as fraud or malware distribution. Attackers register domain names that closely resemble the legitimate domains of targeted, trusted entities, hoping to fool victims into believing they are interacting with the real organization.

How typosquatting works

Threat actors can impersonate domains using:

  • A common misspelling of the target domain (CSOnline.com rather than CSOOnline.com, for example)
  • A different top-level domain (using .uk rather than .co.uk)
  • Combining related words into the domain (CSOOnline-Cybersecurity.com)
  • Adding periods to the URL (CSO.Online.com)
  • Using similar-looking letters to hide the false domain (ÇSÓOnliné.com)

“Can you see the difference between goggle.com and google.com?” says Russell Haworth, CEO of Nominet, which acts as the registry for the .uk domain. “Essentially, typosquatting is a lookalike domain with one or two wrong or different characters with the aim of trying to trick people onto the wrong webpage.”
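
The five impersonation techniques listed above can be recognised mechanically. The following added example (not code from the article or from Nominet) classifies a candidate domain seen in logs, certificate transparency feeds or registrar alerts against a protected brand domain; it assumes a tiny hard-coded public-suffix list and simple edit-distance thresholds rather than a full Public Suffix List or a production fuzzy-matching library.

```python
import unicodedata


def fold(domain: str) -> str:
    """Lowercase, decode punycode (xn--) labels, and strip accents so that
    'ÇSÓOnliné.com' and its punycode form both fold to 'csoonline.com'."""
    if "xn--" in domain.lower():
        try:
            domain = domain.encode("ascii").decode("idna")
        except (UnicodeError, ValueError):
            pass
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) by plain DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split(domain: str):
    """Return (labels left of the suffix, public suffix). Assumption: a tiny
    hard-coded list of two-label suffixes such as co.uk instead of the PSL."""
    parts = fold(domain).strip(".").split(".")
    if len(parts) >= 3 and parts[-2] in ("co", "org", "ac", "gov") and len(parts[-1]) == 2:
        return parts[:-2], ".".join(parts[-2:])
    return parts[:-1], parts[-1]


def classify(candidate: str, brand_domain: str):
    """Name the typosquatting technique a candidate domain uses against the
    brand, or return None when it is the brand's own domain or unrelated."""
    brand = split(brand_domain)[0][-1]          # e.g. "csoonline"
    brand_suffix = split(brand_domain)[1]       # e.g. "com" or "co.uk"
    labels, suffix = split(candidate)
    if not labels:
        return None
    reg = labels[-1]                            # registrable label
    if reg == brand and len(labels) == 1:
        if suffix != brand_suffix:
            return "tld-swap"                   # .uk instead of .co.uk
        lookalike = any(ord(c) > 127 for c in candidate) or "xn--" in candidate.lower()
        return "homoglyph" if lookalike else None
    if "".join(labels) == brand:
        return "extra-dots"                     # cso.online.com
    if brand in reg.split("-") or brand in labels[:-1]:
        return "combined-words"                 # csoonline-cybersecurity.com
    if edit_distance(reg, brand) <= (2 if len(brand) >= 8 else 1):
        return "misspelling"                    # csonline.com, goggle.com
    return None
```

Run it over newly observed domains and alert on any non-None result; the threshold of two edits for long brand names is an assumption to tune against your own false-positive rate.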

Registering a domain is quick and easy, and attackers can register several variations of the legitimate target domain at once. A typosquatted domain can be the whole of an attack or one component of a larger campaign, serving purposes such as these:

Extortion: Sell the typo domain back to the brand owner.

Ad fraud: Monetize the traffic that arrives through misspellings by serving ads to those visitors, redirecting them to competitors, or redirecting them back to the brand itself through an affiliate link so that every click earns a commission.

Copyright © 2020 IDG Communications, Inc.
