Understanding "Typosquatting" and impersonated domains

Unlike an increasing amount of today’s world wide web, this article was carefully crafted by the diligent humans at Arbiio, not AI. Accuracy is of paramount importance to us.
"Typosquatting" and "IDN homograph" attacks are particularly insidious ways to distribute viruses and launch scams, exploiting the nuances of language and human error to deceive users. As we delve into these threats, it's crucial to understand why blocking such domains on your family home network is not just a good idea—it's essential for maintaining your digital security.
What are IDN Homograph Attacks?
Internationalised Domain Names (IDNs) were introduced to allow domain names to include characters from various scripts, such as Cyrillic, Arabic, and Chinese, alongside the traditional Latin alphabet. While this innovation has made the internet more inclusive, it has also opened the door to a new type of cyber threat: IDN homograph attacks.
An IDN homograph attack occurs when a malicious actor registers a domain name that visually mimics a legitimate domain by substituting similar-looking characters from different scripts. For example, the Latin letter "e" can be replaced with the Cyrillic letter "е," which looks identical to the untrained eye. This subtlety can lead users to believe they are visiting a trusted site when, in fact, they are on a fraudulent one designed to steal sensitive information.
The Impact of IDN Homograph Attacks
The potential for deception with IDN homograph attacks is significant. According to a study by the Anti-Phishing Working Group, phishing attacks—which often use homograph techniques—saw a 65% increase in 2022 alone. This rise highlights the growing sophistication of cybercriminals who exploit these vulnerabilities.
For families, the risks are numerous. Personal information, login credentials, tax file numbers, and even private conversations can be compromised. Children and elderly family members, who may not be as tech-savvy, are particularly vulnerable to these types of attacks.
What is Typosquatting?
Typosquatting, also known as URL hijacking, is another deceptive practice where scammers register domain names that are slight misspellings or variations of popular websites. For instance, a user intending to visit "google.com" might accidentally type, or be directed to, "gooogle.com" and end up on a malicious site instead of the real one.
Typosquatters rely on human error or a lack of critical examination to direct unsuspecting users to their fraudulent sites. A simple typo or misremembered URL could land you on one, while fraudulent ads can direct you to one without you realising. Such sites often host malware, phishing schemes, or unwanted advertisements, posing a significant risk to users' security and privacy.
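As an added illustration (not Arbiio's code or method), this Python sketch shows how a DNS filter could flag both techniques described above: the homograph case by decoding punycode and looking for mixed-script labels, and the typosquatting case by edit distance to a list of trusted names. The TRUSTED list, the confusable table and all function names are assumptions constructed for the example.

```python
import unicodedata

# Constructed allow-list (assumption): domains this household really uses.
TRUSTED = {"google.com", "wikipedia.org"}
# Small constructed sample of Cyrillic letters that render like Latin ones;
# Unicode's confusables.txt (UTS #39) is the full table.
CONFUSABLE = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0443", "aeopcxy")

def to_unicode(domain):
    """Decode xn-- (punycode) labels so lookalike characters become visible."""
    try:
        return domain.lower().encode("ascii").decode("idna")
    except UnicodeError:
        return domain.lower()  # already Unicode, or not valid IDNA

def scripts(label):
    """Scripts used by a label's letters, read from Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance that also counts a swap of adjacent letters as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return 'trusted', 'homograph', 'typosquat' or 'unknown' for a queried name."""
    name = to_unicode(domain)
    if name in TRUSTED:
        return "trusted"
    if not name.isascii():
        mixed = any(len(scripts(label)) > 1 for label in name.split("."))
        if mixed or name.translate(CONFUSABLE) in TRUSTED:
            return "homograph"
    if any(edit_distance(name, t) <= 1 for t in TRUSTED):
        return "typosquat"
    return "unknown"

if __name__ == "__main__":
    for q in ["google.com", "gooogle.com", "googl\u0435.com", "example.org"]:
        print(q.encode("unicode_escape").decode(), "->", classify(q))
```

A legitimate single-script IDN such as a German name with an umlaut is not flagged, because all of its letters belong to one script.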
The prevalence of Typosquatting
Typosquatting is alarmingly common. A report from the Cybersecurity and Infrastructure Security Agency (CISA) found that over 80% of the top 500 most visited websites have at least one typosquatted domain associated with them. This prevalence underscores the importance of vigilance and proactive measures to protect against these threats.
Why block these domains on your home network?
Given the risks associated with IDN homograph attacks and Typosquatting, blocking such domains on your family home network is a prudent step toward safeguarding your devices and yourselves. Here’s why:
- Preventing Data Theft: By blocking access to fraudulent domains, you reduce the risk of inadvertently sharing sensitive information, documents, photos, and more with malicious entities.
- Protecting Vulnerable Users: Children and elderly family members may not recognise the signs of a phishing attempt. Blocking harmful domains adds an extra layer of protection for these users.
- Reducing the Risks of Human Error: Even the most tech-savvy individuals can make typos. By blocking typosquatted domains, you mitigate the risk of these innocent mistakes leading to security breaches.
Implement the blocking of impersonated domains with Arbiio
Using Arbiio to block these kinds of domains is straightforward and, critically, stops the risk at the DNS level, before devices on your network ever have to deal with it. By taking proactive steps to block these domains on your family home network, you not only protect your personal information but also ensure a safer online experience for all family members.
References
- Anti-Phishing Working Group, "Phishing activity trends report," 2022.
- Zscaler ThreatLabz, "Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics," 2024.