
Beware of the typosquatter

Typosquatting is a social engineering technique in which an attacker registers a domain that imitates an organisation's domain or website. It exploits the typographical errors end users make when typing a URL, and the tendency not to look closely at the address bar. Attackers register typosquatting domains for various reasons, each creating different risks for the end user and the organisation.

Examples of these include:

How Does Typosquatting Work?

Typosquatting is an attack vector that relies on human error. The attacker registers a domain name that closely resembles that of the victim organisation and hosts a copy of the legitimate website on it. Because the domain differs only slightly, a user who mistypes the address, or who clicks a link without checking it, may be fooled into believing that the malicious site is the genuine one.

There are various ways that domain names can be typosquatted:

Protecting Against Typosquatting

Users and organisations can use publicly available tools such as dnstwist to identify impersonating or similar domains. dnstwist is a Python tool that takes a domain name, generates a large set of permutations of it (character omissions, repetitions, transpositions, adjacent-key replacements, homoglyphs, bit-flips, hyphenation, alternative TLDs and so on) and resolves each candidate to find those that are actually registered. Its output can be refined further to show where the registered look-alikes are hosted, whether they have mail (MX) records that could be used for phishing, and whether their web content is a clone of your own site.
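The generation step that dnstwist automates, and the kinds of domain variation described under "How Does Typosquatting Work?", as an added example that is not dnstwist's code or the page's own: it builds the permutation set for one brand domain in miniature and then runs an offline matcher over a list of observed domains, as you might get from a newly-registered-domain feed or a proxy log. The brand `example.com`, the `OBSERVED` list, the technique names and the (deliberately small) confusable table are constructed for illustration.

```python
"""Typosquat candidate generation and look-alike detection for one brand
domain. Added example, not dnstwist's own code. Brand domain, OBSERVED
list and confusable table are constructed for illustration."""
import unicodedata

# Keys adjacent on a QWERTY keyboard: a finger aiming at 'e' may hit 'w' or 'r'.
QWERTY_NEIGHBOURS = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr", "f": "drtgvc",
    "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn", "k": "jiolm", "l": "kop",
    "m": "njk", "n": "bhjm", "o": "iklp", "p": "ol", "q": "wa", "r": "edft", "s": "awedxz",
    "t": "rfgy", "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}
# Look-alike characters mapped to the ASCII letter they imitate: a few Cyrillic and
# Greek homoglyphs, digit/letter confusions and letter pairs that render like one letter.
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",  # Cyrillic
    "ο": "o", "α": "a", "ν": "v", "ι": "i",                                 # Greek
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "rn": "m", "vv": "w", "cl": "d",
}
ALT_TLDS = ["com", "net", "org", "co", "io", "cm", "co.uk"]


def permutations(domain):
    """Return {candidate_domain: technique} for one registrable domain."""
    domain = domain.lower()
    name, tld = domain.split(".", 1)
    out = {}

    def add(label, technique):
        cand = f"{label}.{tld}"
        if cand != domain and cand not in out:
            out[cand] = technique

    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:], "omission")
        add(name[:i] + ch + name[i:], "repetition")
        if i < len(name) - 1:
            add(name[:i] + name[i + 1] + ch + name[i + 2:], "transposition")
        for n in QWERTY_NEIGHBOURS.get(ch, ""):
            add(name[:i] + n + name[i + 1:], "replacement")
            add(name[:i] + ch + n + name[i + 1:], "insertion")
        for glyph, ascii_char in CONFUSABLES.items():
            if ascii_char == ch:
                add(name[:i] + glyph + name[i + 1:], "homoglyph")
    for i in range(1, len(name)):
        add(name[:i] + "-" + name[i:], "hyphenation")
    for alt in ALT_TLDS:
        if alt != tld:
            out.setdefault(f"{name}.{alt}", "tld-swap")
    return out


def skeleton(domain):
    """Collapse confusables so 'examp1e.com' and Cyrillic 'exаmple.com' compare
    equal to 'example.com'. Both sides of a comparison go through this."""
    s = unicodedata.normalize("NFKC", domain.lower())
    for seq, repl in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        s = s.replace(seq, repl)
    return s


def levenshtein(a, b):
    """Edit distance; catches single-edit variants the generator did not list."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(observed, brand):
    """Return the technique a look-alike uses, or None if it is not one."""
    observed, brand = observed.lower().rstrip("."), brand.lower()
    if observed == brand or observed.endswith("." + brand):
        return None                           # the brand itself or its own subdomain
    candidates = permutations(brand)
    if observed in candidates:
        return candidates[observed]
    if skeleton(observed) == skeleton(brand):
        return "homoglyph"
    if brand + "." in observed:
        return "subdomain-prefix"             # example.com.evil.net
    brand_label, obs_label = brand.split(".", 1)[0], observed.split(".", 1)[0]
    if brand_label in obs_label and obs_label != brand_label:
        return "embedding"                    # example-login.com
    if levenshtein(obs_label, brand_label) <= 1:
        return "near-miss"
    return None


def scan(observed_domains, brand):
    """Return [(domain, technique)] for every observed domain that is a look-alike."""
    return [(d, classify(d, brand)) for d in observed_domains if classify(d, brand)]


BRAND = "example.com"
OBSERVED = [  # constructed sample of what a domain feed or proxy log might contain
    "example.com", "www.example.com", "exmaple.com", "examplr.com", "examp1e.com",
    "exаmple.com", "example.cm", "example-login.com", "example.com.evil.net", "unrelated.org",
]

if __name__ == "__main__":
    print(f"{len(permutations(BRAND))} candidates generated for {BRAND}")
    for domain, technique in scan(OBSERVED, BRAND):
        print(f"{domain:<24} {technique}")
```

The matcher deliberately checks the exact candidate set first and only then falls back to skeleton and edit-distance comparison, so the verdict names the cheapest explanation. What this example does not do is the step that makes dnstwist useful in practice: resolving every candidate to see which are registered (`dnstwist -r example.com` shows only those), which cannot be done offline.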

End users can reduce the possibility of falling victim to Typosquatting by:

  1. Avoid clicking on unknown links, whether on social media, in emails or on websites.
  2. Do not open email attachments from unknown senders.
  3. Use endpoint protection and web filtering that block known malicious domains and warn when a page redirects to one.
  4. Inspect URLs before clicking on them: hover over the link and read the domain carefully for misspellings, swapped or extra characters, and unexpected top-level domains.
  5. Bookmark frequently used websites and use the bookmark rather than retyping the address.
  6. Use a search engine rather than typing the URL from memory, but remember that sponsored results can also point at impersonating domains, so still check the domain before signing in.

Organisations can further protect their employees and customers by implementing the following practices:

  1. Register common misspellings and alternative TLDs of your own domain and redirect them to the official website, so that a mistyped address still lands on the genuine site. The number of possible permutations is large, so this reduces rather than eliminates the risk.
  2. Use domain monitoring tools to identify when a domain resembling the organisation's is registered. This can be combined with takedown services: once a look-alike is identified and there is enough evidence that it was set up for phishing, its takedown can be requested from the registrar or hosting provider.
  3. Notify stakeholders of any impersonating domains: inform customers, staff and third parties of the suspicious domains identified, and of the domains the organisation genuinely uses.
  4. Serve the website over HTTPS with HSTS so that customers learn to expect a secure connection to the correct domain, but be aware that a valid certificate only proves control of the domain shown in the address bar. Attackers obtain certificates for typosquatted domains just as easily, so the padlock on its own does not prove that a site is legitimate.
  5. Enforce multi-factor authentication, preferably phishing-resistant MFA (FIDO2/WebAuthn security keys or passkeys). One-time codes delivered by SMS, authenticator app or push can be relayed from a typosquatted login page to the real site within their validity window, whereas WebAuthn credentials are bound to the origin the browser actually connected to, so an assertion obtained on a look-alike domain is rejected.
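To make concrete why item 5 distinguishes between types of MFA, the following added example (not code from the page or from any product) simulates both flows through a typosquatted login page: an RFC 6238 TOTP code is accepted by the real site no matter where the victim typed it, while a WebAuthn-style assertion carries the origin the browser actually saw and fails the relying party's origin check. HMAC-SHA256 stands in for the authenticator's ECDSA signature because the standard library has no ECDSA; the signed structure (authenticatorData concatenated with SHA-256 of clientDataJSON) and the checks the relying party performs follow WebAuthn. The origins, relying-party ID, secret and challenges are constructed.

```python
"""Relaying a TOTP code versus an origin-bound WebAuthn-style assertion through
a typosquatted login page. Added example, not code from the page. HMAC-SHA256
stands in for the authenticator's ECDSA signature; origins, RP ID, secrets and
challenges are constructed."""
import base64
import hashlib
import hmac
import json
import os
import struct

RP_ID = "example.com"
REAL_ORIGIN = "https://example.com"
PHISH_ORIGIN = "https://exmaple.com"   # constructed typosquat of the real origin


# --- TOTP (RFC 6238): the code depends on the shared secret and the time only ---
def totp(secret, at, step=30, digits=6):
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_login(secret, code, at):
    return hmac.compare_digest(totp(secret, at), code)


def relayed_totp_attack(secret, at):
    """Victim types the code into the look-alike page; the attacker forwards it to
    the real site inside the same 30 s window. Nothing in the code says where it
    was typed, so the real site accepts it."""
    code_typed_on_phish = totp(secret, at)
    return totp_login(secret, code_typed_on_phish, at)


# --- Origin-bound assertion, WebAuthn shape ---
def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def browser_get_assertion(cred_key, page_origin, challenge):
    """The browser, not the page's script, writes clientData.origin, so a phishing
    page cannot claim to be example.com. (A real browser would refuse outright
    because RP_ID is not a registrable suffix of the phishing origin.)"""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": page_origin}, separators=(",", ":")).encode()
    # authenticatorData = rpIdHash | flags (UP set) | signCount
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01" + b"\x00\x00\x00\x01"
    sig = hmac.new(cred_key, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return client_data, auth_data, sig


def rp_verify(cred_key, allowed_origins, expected_challenge, client_data, auth_data, sig):
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != b64url(expected_challenge):
        return False
    if cd.get("origin") not in allowed_origins:
        return False                              # the check that defeats the look-alike page
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    expected = hmac.new(cred_key, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def relayed_webauthn_attack(cred_key):
    """Attacker obtains a challenge from the real site, relays it to the victim's
    browser on the phishing origin, and forwards the resulting assertion."""
    challenge = os.urandom(32)
    cd, ad, sig = browser_get_assertion(cred_key, PHISH_ORIGIN, challenge)
    return rp_verify(cred_key, {REAL_ORIGIN}, challenge, cd, ad, sig)


if __name__ == "__main__":
    secret, key, chal = b"12345678901234567890", os.urandom(32), os.urandom(32)
    print("relayed TOTP accepted:    ", relayed_totp_attack(secret, 59))
    print("relayed WebAuthn accepted:", relayed_webauthn_attack(key))
    cd, ad, sig = browser_get_assertion(key, REAL_ORIGIN, chal)
    print("genuine WebAuthn accepted:", rp_verify(key, {REAL_ORIGIN}, chal, cd, ad, sig))
```

The TOTP secret in the usage block is the RFC 6238 test-vector secret, so `totp(secret, 59)` yields the documented value `287082`. The point of the comparison is the origin field: the relying party never trusts the page to say who it is, it trusts the browser's record of the origin, and that is what a typosquatted domain cannot forge.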

If you want to identify and protect your business from prevalent cybersecurity threats, such as Typosquatting, schedule a consultation with our experts.
