What is a Typosquatting attack?
A typosquatting attack is a type of attack in which the threat actor mimics a legitimate domain to target victims. The threat actor picks the domain they want to target and alters it. It is one of the most successful attack techniques used by threat actors. The attack is very difficult to detect, as most users will take the altered domain for the legitimate one. However, it can be detected by implementing some countermeasures.
One of the most used tools to generate typosquatting domains is dnstwister (the anti-phishing domain name search engine and DNS monitoring service). The tool can help you generate domains or find the domains that can be used to mimic your domain.
Types of typosquatting:
Combosquatting
The attacker adds a word to the legitimate domain to trick users into clicking on it. Example:
The legitimate domain facebook.com will be altered to helps-facebook.com.
Bitsquatting
The attacker changes one or more bits of the legitimate domain to trick the user. Example:
Facebook.com will become fasebook.com
Soundsquatting
The attacker uses a technique called “homophones” to trick the user. Example:
Fare.com will become faire.com
Levelsquatting
The attacker uses the legitimate domain, followed by the phishing domain. Example:
Facebook.com will become facebook.com.ghdhwhj.com
Homographing
The attacker uses a technique called homoglyph, changing one character of the legitimate domain. For example:
Facebook.com will become fäcebook.com (the “a” changed to ä)
You can use the homoglyph generator to alter any domain you wish (Homoglyph Attack Generator and Punycode Converter (irongeek.com))
Typosquatting detection and protection:
- Security awareness and training
- Use a tool like dnstwister (the anti-phishing domain name search engine and DNS monitoring service) or Recorded Future (Securing Our World With Intelligence) to find domains mimicking your brand
- Block all domains mimicking your brands
- Perform DNS lookups to verify the domain owner
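The "find the domain mimicking your brand" step can also be run over domains seen in your own mail, proxy or DNS logs. The sketch below is an added example, not part of the original article or of dnstwister: it labels an observed domain with the type from the list above that it matches. The function names and the sample list are constructed for illustration, a single-label TLD is assumed, and soundsquatting is left out because it needs a homophone dictionary.

```python
import unicodedata

BRAND = "facebook.com"  # domain to protect (the article's example)
# Constructed sample of observed domains, built from the article's examples.
OBSERVED = ["helps-facebook.com", "fasebook.com", "facebook.com.ghdhwhj.com",
            "fäcebook.com", "www.facebook.com", "example.org"]

def _decode(label):
    """Turn a punycode ('xn--') label, as seen in DNS logs, back into Unicode."""
    try:
        return label[4:].encode("ascii").decode("punycode") if label.startswith("xn--") else label
    except UnicodeError:
        return label  # malformed punycode: compare the raw label instead

def _skeleton(label):
    """Strip diacritics (ä -> a). Covers accent homoglyphs only, not Cyrillic/Greek."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def _one_bit_apart(a, b):
    """True if two equal-length labels differ in one character by one flipped bit."""
    if len(a) != len(b):
        return False
    diffs = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return len(diffs) == 1 and bin(diffs[0]).count("1") == 1

def classify(candidate, brand=BRAND):
    """Return the article's typosquatting type that candidate matches, else None."""
    cand = candidate.lower().rstrip(".")
    if cand == brand or cand.endswith("." + brand):
        return None  # the brand itself or one of its own subdomains
    if cand.startswith(brand + "."):
        return "levelsquatting"
    brand_label = brand.split(".")[0]
    labels = cand.split(".")
    # Assumption: single-label TLD, so the registered name is the second-to-last label.
    label = _decode(labels[-2] if len(labels) > 1 else labels[0])
    if not label.isascii() and _skeleton(label) == brand_label:
        return "homograph"
    if _one_bit_apart(label, brand_label):
        return "bitsquatting"
    if label != brand_label and brand_label in label:
        return "combosquatting"
    return None

def scan(domains, brand=BRAND):
    """Map each suspicious domain in domains to its detected type."""
    hits = {d: classify(d, brand) for d in domains}
    return {d: t for d, t in hits.items() if t}
```

Calling scan(OBSERVED) returns only the four look-alike domains with their types; the brand's own subdomain and the unrelated domain are dropped.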
In conclusion, typosquatting is a type of attack that alters a legitimate domain to target users. The attack is very difficult to detect, but by combining different methods and techniques, users can be protected.
Bangaly Koita is a Cyber Security Analyst and researcher working for Radarcs Cyber Security in Vienna, Austria. Passionate about cyber security, he writes articles to share his knowledge and experience with the vast IT community and, more generally, the cyber security community.