Typosquatting

TECHNICAL DEFINITION

Typosquatting is a social engineering cyberattack tactic involving domain impersonation, where malicious actors register, and subsequently leverage, intentionally misspelled or visually similar domain names to legitimate brand websites, aiming to deceive users into visiting fraudulent sites for phishing, malware distribution, or ad revenue generation.

BACKGROUND

In computing, a trojan horse is a kind of malware that misleads users as to its true intent by disguising itself as a normal program. Trojans are generally spread by some form of social engineering. For example, a user may be duped into executing an email attachment disguised to appear innocuous, or into clicking on a fake advertisement on the Internet. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller who can then have unauthorized access to the affected device. Ransomware attacks are often carried out using a trojan. Unlike computer viruses and worms, trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.

SYNONYMS & ALIASES

• URL hijacking
• domain squatting
• brandjacking
• fake URL
• cyber-squatting
• phishing domain

USAGE NOTE

Typosquatting is commonly used in phishing campaigns and malware distribution, exploiting human error in URL entry to gain unauthorized access or distribute malicious payloads.

DEVELOPERS

Organizations developing technology related to Typosquatting.

• Proofpoint

  Proofpoint offers advanced email and brand protection solutions that detect and block threats originating from typosquatting, including phishing and impersonation attacks using lookalike domains. Their services monitor the digital landscape for malicious domain registrations.

• Mimecast

  Mimecast provides comprehensive email security and cyber resilience solutions, including protection against impersonation and phishing attacks that often leverage typosquatted domains. They offer threat intelligence and domain spoofing protection.

• CSC Digital Brand Services

  CSC specializes in digital brand protection, domain management, and anti-fraud services for enterprises. They actively monitor for and mitigate threats like cybersquatting and typosquatting to protect corporate brands and intellectual property.

• Clarivate (MarkMonitor)

  MarkMonitor, now part of Clarivate, is a leading provider of brand protection solutions. They offer extensive services for domain management, anti-phishing, anti-fraud, and anti-cybersquatting, directly addressing the detection and enforcement against typosquatted domains.

• Palo Alto Networks

  Palo Alto Networks integrates threat intelligence, including Unit 42 research, into its security platforms to detect and block access to malicious domains, including those created through typosquatting for phishing or malware distribution.

• CrowdStrike

  CrowdStrike's Falcon Intelligence provides threat intelligence that helps organizations identify and respond to brand impersonation, domain spoofing, and other cyber threats leveraging typosquatting, by monitoring the digital footprint of malicious actors.

• DomainTools

  DomainTools offers DNS and domain intelligence solutions that help cybersecurity professionals identify newly registered domains often associated with typosquatting, phishing, and other malicious activities, providing valuable context for threat investigations.

• Akamai

  Akamai provides comprehensive web and application security services, including DNS security solutions that can identify and mitigate threats from malicious domains, such as those used in typosquatting, by blocking access and providing real-time threat intelligence.