Typosquatting Continues to Pose Dangers to Enterprises, Consumers

By Staff Writer

While typosquatting is not a new phenomenon, recent research highlights that it is being used to collect sensitive corporate information from employees and lure consumers to interact with dubious websites.

Typosquatting is a type of cybersquatting where cybercriminals register a domain name that closely resembles a well-known site or brand, often taking advantage of common typos people make while typing in URLs. Once a user unknowingly types in a typosquatted domain or uses a typosquatted domain in an email address, unintended events begin to happen.

Security consultancy Godai Group recently uncovered the use of a specific type of typosquat – a “doppelganger domain” – to collect sensitive enterprise information via email-based attacks. A doppelganger domain is one that is not misspelled but instead is missing the dot between the subdomain and domain. An example would be “mailyahoo.com”, which targets Yahoo!’s popular mail service “mail.yahoo.com.” The researchers found that 30% of the Fortune 500 (or 151 corporations) were susceptible to doppelganger domain-based attacks.

To demonstrate just how vulnerable companies are, the researchers bought 30 doppelganger domains relating to Fortune 500 companies. Over six months, over 120,000 individual emails (and 20 gigabytes of data) were captured by these domains, along with sensitive information such as trade secrets, business invoices, employee login credentials, network diagrams, etc. The information was collected through a passive attack, where the cybercriminal configures an email server to catch all email addressed to the typosquatted domain.

Godai Group also described another type of attack – a Man-in-the-Mailbox attack – which could leverage two doppelganger domains to intercept email communications between two companies. This type of attack would succeed if both email sender and recipient were unaware of the mistyped email domains.

Other recent findings by M86 Security and OpenDNS highlight attacks targeting consumers by leveraging typosquatted domains based on popular websites. M86 Security, for example, discovered at least 15 typosquatted domains targeting YouTube. OpenDNS came across a typosquatted domain targeting Twitter (which was still up at the time of this blog posting). If consumers mistakenly type in one of these typosquatted domains, they would enter either an online survey or a dating website carrying the branding – as well as the trust – of the official site. The goal of these sites is to entice users to take a quick survey and provide their credentials in exchange for a prize. In the end, however, consumers often walk away with their credentials stolen, signed up for unwanted services, and possibly even with malware on their computer.

So how can brands protect their employees and customers? Here’s a short list of recommendations:

• Proactively register defensive domains: if brands own doppelganger domains and other commonly misspelled domain names, the risk of these types of attacks is greatly reduced.

• Monitor for typosquatting abuse: brands should continuously monitor newly registered domain names for typo/cybersquatted names targeting their brands. Early detection allows brands to take action before significant damage is done.

• Take quick action: as typosquatted domain names (including doppelganger domains) are confusingly similar to trademarks, brands have good success in recovering these domains, either through cease-and-desist letters or UDRP.

• Educate employees and customers: if both audiences are made aware of these types of attacks, which involve sophisticated social engineering techniques, then they will be less susceptible to them. Sending alerts while current attacks are live will help mitigate the impact as well.

• Modify DNS and email server configurations: corporations can either configure their internal DNS to not resolve any doppelganger domains, or configure their mail servers to prevent any outbound emails from reaching doppelganger domains.
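As an added illustration of the last recommendation (this is not code from the original article or from Godai Group), the sketch below derives doppelganger domains from an organisation's own hostnames and checks outbound recipients against them. The function names, the `.example` hostnames and the two-label registered-domain rule are assumptions made for the example.

```python
# Added example (not from the original article). Hostnames are constructed
# and use the reserved .example TLD.

def doppelgangers(hostnames, owned=()):
    """Map each doppelganger domain to the legitimate hostname it imitates.

    Assumption: the registered domain is the last two labels (name + TLD);
    suffixes such as co.uk would need a public-suffix list.
    """
    owned = {d.lower() for d in owned}
    result = {}
    for host in hostnames:
        labels = host.lower().rstrip(".").split(".")
        if len(labels) < 3:              # bare domain: no dot to drop
            continue
        # Drop the dot between the subdomain label and the domain:
        # mail.acme.example -> mailacme.example
        candidate = labels[-3] + labels[-2] + "." + labels[-1]
        if candidate not in owned:       # already defensively registered
            result.setdefault(candidate, host)
    return result


def check_recipient(address, blocklist):
    """Return the hostname the sender probably meant, or None if clean."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # A wildcard MX on the doppelganger also catches its subdomains,
    # so compare on the registered domain only.
    registered = ".".join(domain.split(".")[-2:])
    return blocklist.get(registered)


SAMPLE_HOSTS = ["mail.acme.example", "us.acme.example",
                "eu.sales.acme.example", "acme.example"]
BLOCKLIST = doppelgangers(SAMPLE_HOSTS, owned=["usacme.example"])

if __name__ == "__main__":
    for rcpt in ["bob@mailacme.example", "bob@mail.acme.example",
                 "ann@eu.salesacme.example", "joe@usacme.example"]:
        intended = check_recipient(rcpt, BLOCKLIST)
        verdict = f"HOLD (meant {intended}?)" if intended else "ok"
        print(f"{rcpt:28} {verdict}")
```

The same generated list can feed an internal DNS blocklist or a defensive-registration review.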
