Monday, December 28, 2015

What is Typosquatting ?



Sometimes misspelling in the address bar of a URL of a popular website takes us to a similar looking but different website altogether. Most of the cases these similar looking websites are controlled by hackers, who exploit this for illegitimate purposes. This is called Typosquatting.




Typosquatting is a type of cybersquatting, where an attacker uses an internet domain name with the intent of illegitimate profit from the goodwill of a trademark belonging to someone else. Most of the cases Typosquatting is done by the attackers with the intent of spreading malware, get revenue from website traffic or phishing.



Typosquatted URL's


Study says, mainly five types of URL's are used for Typosquatting :

  • Foreign language spelling of a popular website
  • Common misspelling or typing error of a popular website, e.g. goggle.com
  • A differently phrased domain name, e.g. apples.com
  • A different top level domain, e.g. amazon.org
  • Abuse of Country Code Top Level Domain, e.g. Google.cm

A user is more likely to wrongly type these types of URL's in the address bar and the typosquatters exploit that.




Why is Typosquatting done


There are several reasons for which attackers do Typosquatting. To name a few :

  • To earn revenue from website traffic visited by the visitors with miss-typed URL.
  • To redirect the typo-traffic to the competitor of the actual website.
  • To try to sell the typosquatted domain to the actual website and earn money illegitimately.
  • To redirect the typo-traffic to the actual website, but through the affiliate program, and thus illegitimately earning revenue from the brand-owner's affiliate program.
  • To steal sensitive data from the visitors. Sometimes the attackers makes a website looking very much similar to the actual website. As a result, if a visitor visiting the website provides his name, credit card numbers etc by mistake, the information gets stolen.
  • Sometimes, these fake websites are used in phishing.
  • With a drive-by-download, malware can be installed in a computer by just visiting the website, though the user does not click or initiate installation of any software from the website. Sometimes, these fake websites are used to spread malware.
  • To expose users to internet pornography.


From 2006 to 2008, a typosquatted domain of Google called Goggle.com was used to spread malware and even rogue anti-malware.



Defenses


One possible defense of Typosquatting may be to buy variants of domain names that can be used by typosquatters. For example the following variants of domain names can be considered :

  • Replacement of letter 'O' with number '0'
  • Domain names with missing dot (.) between www and the actual domain name. For example, wwwexample.com
  • Singular and plural versions of domain names.
  • Hyphenated and non-hyphenated versions of domain names.
  • Domains with other domain extensions like .net, .org, .com etc.

There are also a number of tools available which can suggest variants of domains that can be typosquatted. One such tool can be found here .


Also, there are a number of tools available to detect Typosquatting. One such example may be Microsoft Strider. One can use the tools for mitigating the risks.




There are more ways to scam people in internet than ever before. You need to be aware of all these scams and stay educated and use your common sense.

No comments:

Post a Comment