Typosquatting
Typosquatting is a form of social engineering attack that capitalizes on typing errors when we try to enter legitimate domains; for instance, instead of typing "facebook.com” we accidentally type "faceboook.com"; however, both pages will appear identical, the difference is in the fact that the fake page, taking advantage of human oversight and get the personal data such as usernames and passwords after this the web page redirected to the official page.
Nevertheless, Typosquatting doesn't solely rely on browser typing errors as an attack method; it employs other strategies that exploit human errors in failing to notice relevant details. Among these methods are:
- Typing errors: Attackers take advantage of errors made during domain searches to present their malicious pages, as seen in the first example provided.
- Alternate spellings: Attackers exploit the fact that some brands or products have multiple correct spellings, such as " colour " and " color," or " favorite" and "favourite." A URL containing many alternate spellings is a significant indicator of a potential attack.
- Unfamiliarity: Attackers capitalize on misspelling brands due to unfamiliarity with their correct names. For example: "nike" and "niket." Unlike typing errors, this method involves searching for similar brand names for the attack, one difference is that this one is based on using a search motor and the other is using the URL error.
- Hyphens in URLs: Attackers use hyphens to camouflage their malicious page; for example, instead of "login.facebook.com," they might use "login-facebook.com."
- Adding "www": In this case, the attacker adds "www" within the domain, for example: "wwwfacebook.com."
- Domain extensions: Attackers attempt to use different domain extensions as a camouflage method, such as .com, .mx, .us, .uk, .org, among others. However, the most common one used is the Colombian extension (.co) because it closely resembles .com. For instance, "facebook.com" and "facebook.co".
The theft of information isn't the sole objective of this type of cyberattack; it opens up other avenues such as distributing malware by disguising it as legitimate applications, facilitating fraudulent sales more easily. However, they're also utilized for monetization through user interaction. This can involve placing ads within the page or monetizing clicks from search engine results. Likewise, there are spoof pages designed solely to mock users who interact with them. This can be illustrated in the following image:
Due to this cyberattack, most of the big companies like Google, Facebook, Amazon, Microsoft, etc., have acquired domains with typing errors that could potentially fall victim to Typosquatting. Similarly, “Cybersquatting” is another cyberattack that is related to URLs, the main difference with “Typosquatting” is that the previous one used human error, and in the next one the cyber attacker gets legitimate control of the official domain and demanded money to return the domain.
As described earlier, this cyberattack falls under the category of "Social Engineering," exploiting human errors. Like any attack in this category, the consequences of our negligence can range from minor, such as being the butt of a joke, or in the worst scenarios we can divulging essential personal information and compromising our devices with various malware that these webpages may expose them to. Therefore, it's crucial to pay attention to the URLs we are accessing, as they may contain clues revealing this cyberattack. However, most current search engines like "Google," "Bing," "DuckDuckGo," etc., have techniques in place to filter out most of these issues. Nevertheless, we can still fall victim to them through malicious emails, and forum comments, among other methods. Therefore, it's essential to remain vigilant for any details that catch our attention and to ensure that the page we are visiting is completely legitimate before downloading or entering passwords.