Threat Actors, Phishing, and Typosquatting: How They Fit Together
  • Table of contents

The author

user_image
Gil

Table of contents

Related Articles

Research

Facebook Hidden Friends Vulnerability (With “fb-hfc” released)

We reported the hidden friends vulnerability to Facebook; this lets attackers reconstruct the private Friends...
May 29, 2014
Learn more
Tech Talks

Welcome to The Cyber Feed

Over the past three decades, IT security solutions have developed to effectively secure most networks...
Jun 30, 2015
Learn more
Tech Talks

Threat Actors, Phishing, and Typosquatting: How They Fit Together

Apr 27, 2016

We can’t stress enough how vital cyber awareness is to the lifeline of business (and personal) assets, and a highly powerful way to convey this message is by putting our audience in the shoes of the victim.


Let’s try and understand the magnitude of typosquatting and phishing campaigns, so that the takeaways of this article allow readers to be one step closer to a fortified cyber posture.

Phishing Emails and Subject Lines

Phishing emails are a growing trend in today’s online world.

The more obvious defense against phishing emails is spam filters and other cybersecurity technologies, otherwise known as our ‘first line of defense’ to the phenomenon.

Funnily enough, our second line of defense against phishing emails is none other than ourselves, that is, our eyes and our awareness-levels to be on the lookout everytime we click on an email delivered to our inboxes.

There are plenty of signs that we are meant to be looking out for when it comes to phishing emails:

  • Messages from companies you don’t have accounts with (but whose subject line/email body suggests that you do)
  • Subject lines or email body with spelling mistakes
  • Messages from the wrong email address (i.e ‘info@hsbc.savings.com’ instead of ‘info@hsbc.com
  • Addressed to ‘Dear User’ instead of ‘Dear Your Name’
  • Subject or email body with unexpected messages that trigger a sense of urgency in the recipient, i.e ‘resume’ or ‘unpaid invoice.

Typosquatting and Phishing

Cybercriminals thrive off of typosquatting as an easy-peasy way to lure email recipients to spoof web pages, where victims then type in their personal information, under the illusion that they’re signing back into a loyal site where they visit often.

Notorious Typosquatting Stories

Fake Site

paypal_fake.png

Real Site

paypal_real.png

This past January, the Paypal website fell victim to a phishing attack campaign that was operated via typosquatting. Multiple domains were built that impersonated the Paypal site, i.e “security-paypal-center[.]com.”

 

OpenDNS, the firm that detected the attack, described the attack’s anatomy as the following:

paypal_opendns.png

Technology Doesn’t Fail the Phish

Our defense lines to typosquatting and phishing campaigns are not only our human detection abilities. Through natural language processing (used in our Argos intelligence tool), typosquatting phishing domains are detected automatically.

That being said, awareness is key. Before (and while) Argos Edge maps your online presence and automatically identifies attempts at typosquating looking like your own domains. Employees must know the problems that lie at risk as they are still at the forefront of cyber attacks. 

Uncover your compromised credentials from the deep and dark web

Fill in your business email to start