Account Takeover Fraud , Cybercrime , Fraud Management & Cybercrime

Tracking the Targets of 'Cybersquatting' Attacks

Users of Financial and E-Commerce Websites Are Frequent Victims
Tracking the Targets of 'Cybersquatting' Attacks
Chart lists victims of cybersquatting attacks. (Source: Palo Alto Networks)

So-called “cybersquatting” attacks are surging, with financial and e-commerce websites – including those of PayPal, Royal Bank of Canada, Bank of America and Amazon – among the most frequent targets, according to Palo Alto Networks' Unit 42.

See Also: SIEM Wishlist: Top 5 Reasons Security Teams Can’t Wait to Upgrade

Cybersquatting is a type of fraud in which a minor change is made in a domain name to confuse a consumer into believing they are visiting a legitimate website. The Unit 42 analysis found that in December 2019 alone, 13,857 squatting domains were registered, an average of 450 per day. Almost 19% of these delivered malicious malware or phishing attacks, and just over 36% are considered high-risk because they are associated with malicious URLs or utilize bulletproof hosting.

The goal of these attacks is to extract login credentials or payment card data from their victims, says Zhanhao Chen, a senior staff researcher at Unit 42.

Cybercriminals leverage a brand's credibility to attract more users that can be scammed. One such example is PayPal. Cybercriminals attach keywords like 'secure' and 'verify,' to the end of PayPal, giving the impression it's an official PayPal website, Chen tells Information Security Media Group.

The report points out organizations of all sizes are targeted in cybersquatting scams. Chen says cybercriminals might view a smaller bank, for example, as less able to defend its domain.

Why Squatting Attacks Work

Cybercriminals know most website visitors don't pay attention to URLs, and the number of potential fake domains that can be created “is almost infinite," according to the report.

"Cybersquatting is an effective way to take advantage of user error and carelessness. Second, it's cheap for cybercriminals to come up with new squatting domains and register them," Chen says.

One way to combat the risk is for companies to register some of the more obvious domain names that could be used for cybersquatting, Chen notes.

"Second, they can leverage the Anticybersquatting Consumer Protection Act (ACPA) or ICANN's Uniform Domain-Name Dispute-Resolution Policy (UDRP) to take hold of the domains or have them taken down. Third, they can contract a cybersecurity vendor that continuously tracks squatting domains," Chen says.

The Techniques

Malicious actors are using a variety of techniques to trick consumers into believing a site is legitimate. The best known is typosquatting, where a domain is created using a well-known brand name that is misspelled in a manner likely to be missed by the average person.

"Typosquatters intentionally register misspelled variants (such as whatsalpp[.]com) of target domain names (whatsapp[.]com) to profit from users’ typing mistakes or to deceive users into believing that they are visiting the correct target domain," according to the Unit 42 report.

Other variants include:

  • Combosquatting: When popular trademarks are combined with words such as “security" (netflix-payments[.]com);
  • Homographsquatting: When domains take advantage of internationalized domain names, or IDNs, where Unicode characters are allowed (microsofŧ[.]com);
  • Soundsquatting: Taking advantage of words that sound like variants of popular domains (4ever21[.]com for forever21[.]com);
  • Bitsquatting: When domains differ in one character from the targeted legitimate domain (micposoft[.]com);
  • Levelsquatting: Using domains that give the impression that they are controlled by a legitimate company (safety.microsoft.com.mdmfmztwjj.l6kan7uf04p102xmpq[.]bid).

Managing Editor Scott Ferguson contributed to this report.


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.