Mary Roach writes for CircleID:
While typosquatting is not a new phenomenon, recent research highlights that it is being used to collect sensitive corporate information from employees and lure consumers to interact with dubious websites.
Typosquatting, as many of you might already be familiar with, is a type of cybersquatting where cybercriminals register a domain name that closely resembles a well-known site or brand, often taking advantage of common typos people make while typing in URLs. Once a user unknowingly types in a typosquatted domain or uses a typosquatted domain in an email address, unintended events begin to happen.
Security consultancy Godai Group recently uncovered the use of a specific type of typosquat — a “doppelganger domain” — to collect sensitive enterprise information via email-based attacks. A doppelganger domain is one that is not misspelled, but instead is missing a dot between the subdomain and domain. An example would be “mailyahoo.com,” which targets Yahoo!’s popular mail service “mail.yahoo.com.” The researchers found that 30% of the Fortune 500 (or 151 corporations) were susceptible to doppelganger domain-based attacks.
Read more at CircleID after the break…
Related posts:
