What is typosquatting?
D2 · Threats · CompTIA Security+ SY0-701
Typosquatting (URL hijacking) is the practice of registering domain names that are slight misspellings of popular legitimate websites, betting that some users will mistype the URL and land on the attacker's site.
Examples: goggle.com, amazom.com, microsft.com.
Used for: phishing, credential harvesting, malware distribution, advertising revenue from misdirected traffic.
Related: combosquatting (adding words: amazon-deals.com), homograph attacks (using lookalike Unicode characters).
Typosquatting exploits human typing errors. Organizations can defensively register common misspellings of their domain. ICANN's UDRP (Uniform Domain-Name Dispute-Resolution Policy) provides a mechanism to recover typosquatted domains. Browser security features and safe browsing lists help block known typosquatted domains.