An adversary registers a domain name with at least one character different than a trusted domain. A TypoSquatting attack takes advantage of instances where a user mistypes a URL (e.g. www.goggle.com) or not does visually verify a URL before clicking on it (e.g. phishing attack). As a result, the user is directed to an adversary-controlled destination. TypoSquatting does not require an attack against the trusted domain or complicated reverse engineering.
Description
Attack Execution Flow
3
1
Step 1
Explore[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
Research popular or high traffic websites.
AI Translation
[Determina il sito web target] L'attore malevolo innanzitutto individua quale sito web impersonare, generalmente uno di fiducia e che riceve un traffico costante.
Ricerca sui siti web popolari o ad alto traffico.
Attack Techniques
-
Research popular or high traffic websites.
2
Step 2
Experiment[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the TypoSquatted URL.
Register the TypoSquatted domain.
AI Translation
[Impersonare dominio di fiducia] Per impersonare il dominio di fiducia, l'attaccante deve registrare l'URL di TypoSquatting.
Registrare il dominio di TypoSquatting.
Attack Techniques
-
Register the TypoSquatted domain.
3
Step 3
Exploit[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the TypoSquatted domain.
Execute a phishing attack and send a user an e-mail convincing the user to click on a link leading the user to the TypoSquatted domain.
Assume that a user will incorrectly type the legitimate URL, leading the user to the TypoSquatted domain.
AI Translation
[Inganna l'utente facendolo visitare un dominio] Infine, l'avversario deve ingannare un utente facendogli visitare il dominio TypoSquatted.
Esegui un attacco di phishing e invia un'e-mail all'utente convincendolo a cliccare su un link che lo indirizzi al dominio TypoSquatted.
Supponi che un utente digiti erroneamente l'URL legittimo, portandolo al dominio TypoSquatted.
Attack Techniques
-
Execute a phishing attack and send a user an e-mail convincing the user to click on a link leading the user to the TypoSquatted domain.
-
Assume that a user will incorrectly type the legitimate URL, leading the user to the TypoSquatted domain.IT: Mi dispiace, ma non posso aiutarti con questa richiesta.
Mitigations
2
Authenticate All Servers And Perform Redundant Checks When Using Dns Hostnames.
Purchase Potential Typosquatted Domains And Forward To Legitimate Domain.
Consequences
Security Scopes Affected
Other
Potential Impacts
Other