typosquatting attack

Typosquatting attack - Created with the help of ChatGPT

 
 

What is a typosquatting attack?

A typosquatting attack is a type of cyber threat where an individual or group registers domain names that are slight misspellings of well-known websites. The idea is to exploit the common typos or errors that users make while entering a website address in their browser. For instance, an attacker might register a domain like "googgle.com" or "amazoon.com" hoping to catch users who mistype "google.com" or "amazon.com."

When users accidentally visit these deceptive sites, they may encounter various types of security threats, including:

  • Phishing: The fake site might be set up to look like the legitimate one, tricking users into entering sensitive information like login credentials, credit card details, or personal information.

  • Malware: These sites might also be used to distribute malware. When a user lands on the site, they might unknowingly download malicious software that could harm their device or compromise their personal data.

  • Advertising: Sometimes, these sites are filled with ads, generating revenue for the attacker whenever they are clicked.

  • Spreading misinformation: In some cases, these sites may be used to spread false information or propaganda.

The success of typosquatting relies on the lack of attention or carelessness of internet users when typing web addresses. It's a reminder of the importance of being vigilant while browsing and double-checking website URLs, especially when entering sensitive information.

How to identify typosquatting

Attackers use several clever tricks in typosquatting to make letters in a domain name look like other letters, thereby deceiving users. Here are some common tactics:

  • Character Substitution: Swapping one character for a similar-looking one, such as replacing 'l' (lowercase L) with '1' (the number one), or 'o' with '0' (zero).

  • Homoglyphs: Using characters from non-Latin alphabets that look similar to Latin letters. For example, using the Cyrillic 'а' (which looks like the Latin 'a') or the Greek letter 'ο' (which looks similar to the Latin 'o').

  • Adding or Removing Characters: Simply adding an extra character (e.g., 'Googlle.com') or omitting one (e.g., 'Gogle.com') can create a domain name similar enough to the original to deceive users.

  • Transposition: Swapping two adjacent characters. For instance, 'amzaon.com' instead of 'amazon.com'.

  • Striking Similarities: Using characters that, when placed together, resemble another character. For example, using 'r' and 'n' to mimic 'm' (e.g., 'rnicrosoft.com' where the 'r' and 'n' together look like an 'm').

  • Subdomain Trickery: Creating a subdomain that mimics a full domain. For instance, using 'http[:]//www[.]microsoft[.]com[.]maliciousdomain[.]com'. Here, 'microsoft.com' is actually a subdomain of 'maliciousdomain.com'.

  • Top-Level Domain (TLD) Manipulation: Using different top-level domains (like .net instead of .com) or newer TLDs (.info, .biz, etc.) with the correct second-level domain name. A popular one for attackers is the .xyz top-level domain.

These methods exploit the quick, often inattentive way people read and recognize web addresses, banking on the likelihood that they won't notice the small discrepancies. Being aware of these tricks is a key step in avoiding falling victim to typosquatting.
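
The tactics listed above can be checked mechanically when reviewing hostnames from proxy, DNS or mail logs against a brand you protect. The following is an added example, not part of the original article: the function names, the small look-alike table and the sample hostnames are constructed for illustration, hostnames are assumed to be already decoded from punycode to Unicode, and the registrable domain is assumed to be the last two labels (no public suffix list).

```python
# Constructed look-alike table for illustration; far smaller than Unicode's confusables data.
CONFUSABLES = {"0": "o", "1": "l", "\u0430": "a", "\u03bf": "o"}  # digits, Cyrillic a, Greek omicron

def split_host(host):
    """Return (subdomain labels, second-level label, TLD).
    Assumption: the registrable domain is the last two labels (no public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return labels[:-2], labels[-2], labels[-1]

def skeleton(label):
    """Replace each look-alike character with the letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def one_edit(seen, real):
    """Name a one-character insertion, omission or adjacent swap, else None."""
    if abs(len(seen) - len(real)) == 1:
        short, longer = sorted((seen, real), key=len)
        if any(longer[:i] + longer[i + 1:] == short for i in range(len(longer))):
            return "added character" if len(seen) > len(real) else "removed character"
    if len(seen) == len(real):
        d = [i for i in range(len(real)) if seen[i] != real[i]]
        if len(d) == 2 and d[1] == d[0] + 1 and seen[d[0]] == real[d[1]] and seen[d[1]] == real[d[0]]:
            return "transposition"
    return None

def classify(candidate, brand):
    """Return the tactic that makes `candidate` resemble `brand`, or None."""
    sub, sld, tld = split_host(candidate)
    brand_labels = brand.lower().split(".")
    b_sld, b_tld = brand_labels[-2], brand_labels[-1]
    if (sld, tld) == (b_sld, b_tld):
        return None  # the brand's own domain, or a real subdomain of it
    if sub[-len(brand_labels):] == brand_labels:
        return "subdomain trickery"  # brand appears as labels left of another domain
    if sld == b_sld:
        return "TLD manipulation"
    if skeleton(sld) == b_sld:
        return "character substitution" if sld.isascii() else "homoglyph"
    if sld.replace("rn", "m") == b_sld:
        return "striking similarity"
    return one_edit(sld, b_sld)

# Constructed sample of observed hostnames, each checked against one protected brand.
if __name__ == "__main__":
    for host, brand in [("googlle.com", "google.com"), ("rnicrosoft.com", "microsoft.com"),
                        ("www.microsoft.com.maliciousdomain.com", "microsoft.com"),
                        ("g\u03bf\u03bfgle.com", "google.com"), ("amazon.xyz", "amazon.com")]:
        print(f"{host!r}: {classify(host, brand)}")
```

Printing hostnames with repr, as the sample loop does, also exposes non-ASCII look-alikes that render identically to Latin letters on screen.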

Have I Been Squatted was created to help people see what similar domains may have been registered to perform typosquatting attacks.