Every week here at SurfWatch Labs our team of threat analysts writes about new vulnerabilities, malware developments and cyber-attacks. One attack vector that is not mentioned very frequently but can be a significant threat for organizations and consumers alike is a technique called typosquatting.
Typosquatting is an attempt to trick users into thinking they have landed on their desired website, when in reality they have landed on a website with a similar-looking domain name that is controlled by cybercriminals. It’s an old technique, and security-conscious organizations often try to secure those domain variations that arise from typos.
However, a study last year described how companies remain vulnerable to typosquatting and found that most organizations do very little to protect their customers from the threat.
Key findings from the study:
- Few trademark owners protect themselves against typosquatting by defensively registering typosquatting domains for their own domains.
- The study found that 95% of the most popular 500 websites researched were targeted with typosquatting.
- Hackers are increasingly targeting longer domains.
- Some companies secure potential typosquatting domains but then choose not to renew them, leaving them vulnerable.
Typosquatting Attack Example
A great example of a typosquatting attack was used against the popular online first-person shooter game Counter-Strike: Global Offensive. The hackers set up a convincing spoof, tricking gamers into believing they were on a legitimate site for the game. The fake site was listed as csgoloungcs.com, while the legitimate site is csgolounge.com.
Not only were visitors of the fake site tricked into sharing their login credentials, a Trojan downloader was pushed on them, leading to malware infections.
Another example found malicious actors taking advantage of the .om top-level domain. Earlier this year, Netflix users who mistyped the address as netflix.om were redirected to a fake Flash update page.
Typosquatting is one example of the many opportunistic types of threats facing organizations. It doesn’t require sophisticated techniques, and it’s an easy way to leverage popular brands in order to entrap customers who aren’t aware of such scams.
Typosquatting scams can lead to a variety of consequences for users — from account takeover to identity theft — and those consequences can easily spill over to the organizations being impersonated in the form of disgruntled customers, bad press, or having to deny a breach when stolen credentials are put up for sale on the Dark Web.
All that trouble can be largely avoided by being vigilant about identifying common typographical mistakes related to your organization’s domains and purchasing them to keep them out of malicious actors’ hands.