What is typosquatting or URL hijacking?
Sometimes, we misspell a website URL in the address bar of the browser. And the browser takes us to a similar-looking but different website altogether. In most cases, these similar-looking websites are controlled by attackers, who exploit them for illegitimate purposes. This technique is called typosquatting or URL Hijacking.
Typosquatting or URL Hijacking is a type of cybersquatting where an attacker uses a look-alike Internet domain name and earns illegitimate profit using the goodwill of a trademark belonging to someone else. Attackers usually rely on the typos of users or use a domain name that looks similar to a legitimate domain name for the purpose of typosquatting. In most cases, typosquatting is done by attackers with the intent of spreading malware or getting revenue from the website traffic or phishing.
How are URLs typosquatted?
Usually, these five types of domain names are used for typosquatting:
- Foreign language spelling of a popular domain name (What is IDN Homograph attack?)
- A common misspelling of a popular domain name, e.g., goggle.com
- A differently phrased domain name, e.g., apples.com
- A domain with a different Top-Level Domain, e.g., amazon.org
- A domain with a different Country Code Top-Level Domain, e.g. Google.cm
A user is more likely to wrongly type these types of domain names in the address bar, and the typosquatters exploit that.
Why is typosquatting or URL hijacking done?
There are several reasons for which attackers do typosquatting.
- To earn revenue from website traffic when visitors mistype a URL and visit the malicious website.
- To redirect the typo traffic to the competitor of the actual website.
- To try to sell the typosquatted domain to the actual website and earn money illegitimately.
- To redirect the typo traffic to the actual website, but through the affiliate program, and thus illegitimately earning revenue from the brand owner’s affiliate program.
- To steal sensitive data from visitors. Sometimes, the attackers make a website look very similar to the actual website. As a result, if a visitor visiting the website provides his name, credit card numbers, etc, by mistake, the information gets stolen.
- Sometimes, these fake websites are used in phishing.
- Sometimes, these fake websites are used to spread malware. With a drive-by-download, malware can be installed on a computer by just visiting the website, though the user does not click or initiate the installation of any software from the website. (What is a drive-by download?)
- To expose users to Internet pornography.
From 2006 to 2008, a typosquatted domain of Google called Goggle.com was used to spread malware …
0 Comments