To Err is Human. To Squat is Criminal.

Maliciously Misleading Domain Names are Everywhere Online


Typos are endemic - everyone makes them. And attackers are betting on that tendency. Who knew that rendering a company's domain name slightly differently would be an effective means of launching a potentially serious chain of events?


Imagine that, instead of securityweek.com, someone keyed in securitywek.com and registered it as their own domain. Anyone who made that easy mistake, whether sending an email to the typo'd address or visiting the squatted website, would find their message going somewhere other than where they had intended or, worse, their browsing session potentially interrupted by a malicious destination. Any information exchanged, pilfered or simply tracked could help enable more malicious attacks; the site visitor could become susceptible to misinformation, or the spoofed organization could become the easy victim of fraud.


What if the lookalike domain name was used in a phishing email, masquerading as the link to a legitimate website and encouraging the recipient to click on it?  For example, instead of Sony.com, the name was rendered as S0ny.com, where the letter ‘o’ was replaced with a zero. How many people would notice the difference?  


That’s not just a theoretical conjecture; it’s an established tactic in the world of cybercrime. It even has a name: domain typosquatting. And its growth has spawned a lobbying group – The Coalition Against Domain Name Abuse, or CADNA – to advocate for new government regulations. That’s because the practice of typosquatting is a lot more extensive than most people realize. According to FairWinds Partners, an internet strategy consulting group, the top five misspellings of ‘myspace.com’ each receive over three million visitors a year.
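The two lookalike patterns described above, a dropped letter (securitywek.com) and a digit standing in for a letter (S0ny.com), can be checked for mechanically when reviewing sender or link domains in mail and proxy logs. The following Python is an added example, not part of the original article; the protected-domain list, the homoglyph map and the function names are assumptions chosen for illustration.

```python
# Added example: classify an observed domain against a list of protected ones.
# PROTECTED and HOMOGLYPHS are illustrative assumptions, not a complete set.

PROTECTED = {"securityweek.com", "sony.com"}

# Digits that are commonly read as letters, folded to one canonical form.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain: str) -> str:
    """Lower-case, drop a trailing dot, and fold look-alike characters."""
    return domain.lower().rstrip(".").translate(HOMOGLYPHS)


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters swapped counts as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain: str, max_edits: int = 1):
    """Return (verdict, matched protected domain or None)."""
    d = domain.lower().rstrip(".")
    if d in PROTECTED:
        return ("legitimate", d)
    for target in sorted(PROTECTED):
        if skeleton(d) == skeleton(target):
            return ("homoglyph", target)
        if edit_distance(d, target) <= max_edits:
            return ("typo", target)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample input using the article's own examples.
    for seen in ["securitywek.com", "S0ny.com", "sony.com", "example.org"]:
        print(seen, classify(seen))
```

With short names such as sony.com, a one-edit threshold also matches unrelated registered domains, so a "typo" verdict is a lead for review rather than proof of abuse.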


The problem is compounded by th ..
