What is typosquatting?

Hackers and cyber criminals have evolved social engineering tactics to trick unsuspecting individuals into divulging private information or valuable credentials. One such evolving tactic is typosquatting, a form of social engineering attack that tries to lure users into visiting malicious websites with URLs that are common misspellings of legitimate sites. These websites can cause significant damage to the reputation of organizations that are victimized by these attackers and harm users who are tricked into entering sensitive details into fake sites. Both system administrators and users need to be aware of the risks and take steps to protect themselves.

Is typosquatting new?

Typosquatting is not new; in fact, it is one of the earliest methods of credential phishing attacks. This Spambrella article explores the rising trend of typosquatting and what these attacks could mean for the ever-changing digital threat landscape.

Is typosquatting the same as phishing?

Typosquatting is often linked to a broader phishing attack that begins with the attacker purchasing and registering a new domain with a misspelling of a popular website. For example, a popular misspelling of Spambrella may be Spambrela or Spumbrella. Unregistered domain suffixes such as .co or .cloud may also be used.

A typosquatting attack does not become dangerous until a URL is delivered (by email, web advertisement, forum link, SMS message, etc.) and the target individual has clicked the URL. Normally, as a next step, these rogue websites will present a simple login screen bearing familiar logos that try to imitate the real company’s corporate identity.

If the user does not realize they are visiting a fake website and enters sensitive details, such as their password, username, or credit card number, into the page, the cybercriminal gets full access to that data. If a user is utilizing the same password across several sites, their other online accounts are likely to be exploited as well. This is a cybercriminal’s payout: identity theft, ruined credit reports, stolen records, and sometimes worse.

Have businesses fallen victim?

Businesses often fall victim to typosquatting as the domains used often have good reputations with global DNS lists. Not so long ago, many health insurance customers fell victim to a typosquatting attack when they received a phishing email that pointed to we11point.com, with the number 1 replacing the character “l” in the URL.

When the international domain name rules were changed to allow anyone to register a URL with an extension previously tied to specific countries, it created a brand new wave of typosquatting attacks. One of the most prevalent ones seen today is when a cybercriminal registers a .om domain that matches a popular .com domain to take advantage of accidental omissions of the letter “c” when entering a web address.
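The patterns described above (a dropped or changed letter, a digit standing in for a letter, a different suffix such as .om or .co) can be checked mechanically against a watch list of domains an organization wants to protect. The following is an added example, not Spambrella or Proofpoint code; the watch list, the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed watch list: the domains an organisation wants to protect.
PROTECTED = ["spambrella.com", "wellpoint.com"]
# Digit-for-letter swaps of the kind used in we11point.com.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(host):
    """Return (name, tld) from the last two labels; ignores suffixes like co.uk."""
    labels = host.lower().strip(".").split(".")
    return (labels[-2] if len(labels) > 1 else ""), labels[-1]

def classify(host, protected=PROTECTED):
    """Return (reason, protected_domain) for a lookalike host, else None."""
    name, tld = split_domain(host)
    for legit in protected:
        legit_name, legit_tld = split_domain(legit)
        if name == legit_name:
            if tld == legit_tld:
                return None                      # the genuine domain
            return ("tld-swap", legit)           # e.g. .om or .co for .com
        if name.translate(LOOKALIKES) == legit_name:
            return ("character-swap", legit)     # e.g. 1 for l
        if edit_distance(name, legit_name) == 1:
            return ("misspelling", legit)        # dropped or changed letter
    return None

def flag_links(urls):
    """Map each URL whose host imitates a protected domain to its finding."""
    findings = {}
    for url in urls:
        hit = classify(urlparse(url).hostname or "")
        if hit:
            findings[url] = hit
    return findings
```

A check like this only compares names, so it is best used to queue links for review or to find lookalike registrations of your own brand, not as a verdict on whether a page is malicious.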

How can Spambrella help?

Spambrella utilizes Proofpoint Targeted Attack Protection (TAP), which is included within our feature named ‘URL Defense’. TAP (URL Defense) automatically rewrites links found in incoming email messages in order to evaluate whether or not the linked content is malicious. As phishing and other targeted attacks become more sophisticated, TAP is a solution that meets the challenge and helps protect the Spambrella community and its resources.

How Does TAP Work?

TAP works by redirecting links that appear in email messages you receive. In most cases, this redirection will be completely unnoticeable to you. In some cases – including unformatted or “plaintext” email messages – you may see the rewritten link, which will begin with https://urldefense.proofpoint.com. Any click on the rewritten link will first go through the security filter, which can further detect malicious web pages. If the actual linked page is safe, you will reach the intended site; if not, the page will be blocked and you will see a message explaining why.

More on Typosquatting on Wikipedia https://en.wikipedia.org/wiki/Typosquatting