Sometimes a misspelling in the address bar of a popular website's URL takes us to a similar-looking but entirely different website. In most cases these look-alike websites are controlled by attackers, who exploit them for illegitimate purposes. This is called Typosquatting.
Typosquatting is a type of cybersquatting, in which an attacker registers an internet domain name with the intent of profiting illegitimately from the goodwill of a trademark belonging to someone else. In most cases, attackers typosquat with the intent of spreading malware, earning revenue from website traffic, or phishing.
Typosquatted URLs
Studies say that mainly five types of URLs are used for Typosquatting:
- Foreign language spelling of a popular website
- Common misspelling or typing error of a popular website, e.g. goggle.com
- A differently phrased domain name, e.g. apples.com
- A different top level domain, e.g. amazon.org
- Abuse of Country Code Top Level Domain, e.g. Google.cm
A user is more likely to type these kinds of URLs incorrectly in the address bar, and typosquatters exploit that.
Why is Typosquatting done?
There are several reasons for which attackers do Typosquatting. To name a few:
- To earn revenue from the traffic of visitors who arrive via a mistyped URL.
- To redirect the typo-traffic to the competitor of the actual website.
- To try to sell the typosquatted domain to the actual website and earn money illegitimately.
- To redirect the typo-traffic to the actual website, but through the affiliate program, and thus illegitimately earning revenue from the brand-owner's affiliate program.
- To steal sensitive data from visitors. Sometimes the attackers make a website that looks very similar to the actual website. As a result, if a visitor provides his name, credit card number, etc. there by mistake, the information is stolen.
- Sometimes, these fake websites are used in phishing.
- With a drive-by download, malware can be installed on a computer by merely visiting the website, without the user clicking on or initiating the installation of any software. Sometimes these fake websites are used to spread malware.
- To expose users to internet pornography.
From 2006 to 2008, a typosquatted domain of Google called Goggle.com was used to spread malware and even rogue anti-malware.
Defenses
One possible defense against Typosquatting is to buy the variants of a domain name that typosquatters could use. For example, the following variants of domain names can be considered:
- Replacement of letter 'O' with number '0'
- Domain names with missing dot (.) between www and the actual domain name. For example, wwwexample.com
- Singular and plural versions of domain names.
- Hyphenated and non-hyphenated versions of domain names.
- Domains with other domain extensions like .net, .org, .com etc.
There are also a number of tools available which can suggest variants of domains that could be typosquatted. One such tool can be found here.
Also, there are a number of tools available to detect Typosquatting; one such example is Microsoft Strider. These tools can be used to mitigate the risks.
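The two defensive steps described above, generating the variants of your own domain so they can be registered or watched, and checking observed domains against them, can be put together in a small script. The following is an added example, not code from the original post or from any of the tools it mentions. It generates the variant classes listed above (O to 0, missing dot after www, singular/plural, hyphenation, alternative TLDs) plus the common one-character typos (omission, doubling, adjacent swap), and then flags domains from a constructed list of observed hostnames, such as one would pull from a DNS or proxy log, that are either a generated variant or within one edit of the brand label. The brand name "google.com" and the observed hostnames are constructed sample input, and the TLD list is an assumption.

```python
# Added example: generate typosquat variants of a brand domain for registration
# or watch-listing, and flag look-alike hostnames seen in logs.

# Assumed set of alternative TLDs worth covering; extend as needed.
TLDS = ["com", "net", "org"]


def split_domain(domain):
    """Split 'label.tld' into (label, tld)."""
    label, _, tld = domain.rpartition(".")
    return label, tld


def typo_variants(domain):
    """Return sorted variants of `domain` that a typosquatter could register."""
    label, tld = split_domain(domain)
    variants = set()
    # 1. letter 'o' replaced by digit '0'
    if "o" in label:
        variants.add(label.replace("o", "0") + "." + tld)
    # 2. missing dot between www and the domain
    variants.add("www" + label + "." + tld)
    # 3. singular / plural
    if label.endswith("s"):
        variants.add(label[:-1] + "." + tld)
    else:
        variants.add(label + "s." + tld)
    # 4. hyphenated / non-hyphenated
    if "-" in label:
        variants.add(label.replace("-", "") + "." + tld)
    else:
        for i in range(1, len(label)):
            variants.add(label[:i] + "-" + label[i:] + "." + tld)
    # 5. other top-level domains
    for other in TLDS:
        if other != tld:
            variants.add(label + "." + other)
    # 6. one-character typos: omission, doubling, adjacent swap
    for i in range(len(label)):
        if len(label) > 1:
            variants.add(label[:i] + label[i + 1:] + "." + tld)
        variants.add(label[:i] + label[i] + label[i:] + "." + tld)
    for i in range(len(label) - 1):
        swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
        variants.add(swapped + "." + tld)
    variants.discard(domain)
    return sorted(variants)


def edit_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def flag_lookalikes(observed, brand, max_distance=1):
    """Return observed hostnames that are generated variants of `brand`,
    or whose label is within `max_distance` edits of the brand label
    (this also catches the same label under a different TLD)."""
    known = set(typo_variants(brand))
    brand_label, _ = split_domain(brand)
    flagged = []
    for host in observed:
        host = host.lower().rstrip(".")
        if host == brand:
            continue
        label, _ = split_domain(host)
        if host in known or edit_distance(label, brand_label) <= max_distance:
            flagged.append(host)
    return flagged


# Constructed sample of hostnames as they might appear in a DNS or proxy log.
SAMPLE_OBSERVED = [
    "example.com", "goggle.com", "google.cm", "gooogle.com",
    "wwwgoogle.com", "g00gle.com", "microsoft.com", "google.com",
]

if __name__ == "__main__":
    print("variants to register or watch:", typo_variants("google.com"))
    print("flagged:", flag_lookalikes(SAMPLE_OBSERVED, "google.com"))
```

The edit-distance check is what catches look-alikes the generator did not enumerate, such as goggle.com (a substitution rather than an omission), while the generated list is what you would actually hand to a registrar or a certificate-transparency watch.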
There are more ways to scam people on the internet than ever before. You need to be aware of all these scams, stay educated, and use your common sense.