What is Typosquatting?
Typosquatting, or URL hacking, takes advantage of lapses in a user's attention to detail. It attempts to steal login credentials through websites whose addresses are common misspellings of a legitimate domain or that rely on visual trickery.
One of the most famous examples was the registration of Goggle.com, which was operating as a phishing site around 2006; more recently, the domain twiter.com was discovered.
Fonts can also play a significant role, because characters such as l and I, or O and 0, can look alike: G00GLE.COM is not the same as GOOGLE.COM.
It is also possible to take advantage of domains that haven't been registered. Most users are familiar with .com, .net and .org, but there are around 1500 other possibilities, and it could be expensive for an organisation to register every single one.
https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains
What can you do?
The primary concern with typosquat domains is the potential for phishing attempts targeting your users, or possibly clients that authenticate to services hosted on your domain. For this reason it is recommended that these domains be blocked within your organization. However, it is more difficult to prevent accidental access to these domains by clients or other external parties.
- https://o365reports.com/2020/03/25/how-to-add-external-email-warning-message/
- https://techcommunity.microsoft.com/t5/exchange-team-blog/native-external-sender-callouts-on-email-in-outlook/ba-p/2250098
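One way to find candidates for blocking is to compare domains seen in mail or proxy logs against your own domain, checking for the three patterns described earlier: misspellings, look-alike characters and a different top-level domain. The following is an added example, not part of the original article; the function names, the confusable-character table and the sample domains are constructed for illustration.

```python
# Added example: flag look-alikes of a protected domain among observed domains.
# CONFUSABLES is a small constructed table for the l/I and O/0 pairs; extend as needed.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l"})

def split_domain(domain):
    """Split 'label.tld' on the first dot (assumes no subdomains, for simplicity)."""
    label, _, tld = domain.strip().lower().rstrip(".").partition(".")
    return label, tld

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1, rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

def classify(observed, protected):
    """Return why `observed` resembles `protected`, or None if it does not."""
    o_label, o_tld = split_domain(observed)
    p_label, p_tld = split_domain(protected)
    if (o_label, o_tld) == (p_label, p_tld):
        return None  # the legitimate domain itself
    if o_label == p_label:
        return "tld-swap"
    if o_label.translate(CONFUSABLES) == p_label.translate(CONFUSABLES):
        return "visual-lookalike"
    if edit_distance(o_label, p_label) == 1:
        return "misspelling"
    return None

def scan(observed_domains, protected):
    """Map each suspicious observed domain to the reason it was flagged."""
    reasons = {d: classify(d, protected) for d in observed_domains}
    return {d: r for d, r in reasons.items() if r}

# Constructed sample input, e.g. sender domains pulled from a mail gateway log.
SAMPLE = ["GOOGLE.COM", "G00GLE.COM", "goggle.com", "google.org", "gogole.com", "example.com"]
if __name__ == "__main__":
    for domain, reason in scan(SAMPLE, "google.com").items():
        print(f"{domain}: {reason}")
```

A flagged domain is only a candidate for review: as noted below, registration alone does not show malicious use.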
It is important to note that the registration of a typosquat domain does not necessarily indicate that a phishing attempt or other malicious activity is likely, and may not warrant additional action. For example, in some cases organizations may attempt to register a large number of unregistered domains as a form of investment, in hopes that they may be able to sell some domains at a profit in the future. This is especially likely in cases where a domain may be particularly meaningful, such as a common word or name.
If you do wish to take action against these domains, there are a few options:
First, the hosting organization typically lists an abuse report point of contact, usually an email address, for domains registered through the Internet Corporation for Assigned Names and Numbers (ICANN). These contacts are generally accessible via the ICANN Registration data lookup tool.
Second, it is possible to submit a complaint directly to ICANN via their Uniform Domain-Name Dispute-Resolution Policy. This form of complaint would typically require a claim of copyright infringement, evidence of associated malicious activity (such as phishing attempts), or similar substantiation.
Lastly, report it to the Google Safe Browsing service: https://safebrowsing.google.com