Cybersquatting is a type of fraud in which a minor change is made in a domain name to confuse a consumer into believing they are visiting a legitimate website. The goal of these attacks is to extract login credentials or payment card data from their victims. Cybercriminals leverage a brand’s credibility to attract more users that can be scammed. One such example is PayPal. Cybercriminals attach keywords like ‘secure’ and ‘verify,’ to the end of PayPal, giving the impression it’s an official PayPal website.
Why Squatting Attacks Work
Cybercriminals know most website visitors don’t pay attention to URLs, and the number of potential fake domains that can be created “is almost infinite.
Cybersquatting is an effective way to take advantage of user error and carelessness. Second, it’s cheap for cybercriminals to come up with new squatting domains and register them.
One way to combat the risk is for companies to register some of the more obvious domain names that could be used for cybersquatting.
“Second, they can leverage the Anticybersquatting Consumer Protection Act (ACPA) or ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP) to take hold of the domains or have them taken down. Third, they can contract a cybersecurity vendor that continuously tracks squatting domains.
The Techniques
Malicious actors are using a variety of techniques to trick consumers into believing a site is legitimate. The best known is typosquatting, where a domain is created using a well-known brand name that is misspelled in a manner likely to be missed by the average person.
Typosquatters intentionally register misspelled variants (such as whatsalpp[.]com) of target domain names (whatsapp[.]com) to profit from users’ typing mistakes or to deceive users into believing that they are visiting the correct target domain.
Other variants include:
Combosquatting: When popular trademarks are combined with words such as “security” (netflix-payments[.]com);
Homographsquatting: When domains take advantage of internationalized domain names, or IDNs, where Unicode characters are allowed (microsofŧ[.]com);
Soundsquatting: Taking advantage of words that sound like variants of popular domains (4ever21[.]com for forever21[.]com);
Bitsquatting: When domains differ in one character from the targeted legitimate domain (micposoft[.]com);
Levelsquatting: Using domains that give the impression that they are controlled by a legitimate company (safety.microsoft.com.mdmfmztwjj.l6kan7uf04p102xmpq[.]bid). Source
iTM covers all aspects of cybersecurity from Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.