A company's security analyst is reviewing the web traffic logs and notices that there is a significant amount of user traffic directed to a website with a URL very similar to the company's official web address. The analyst investigates further and discovers that the website is a malicious replica of the company's site, designed to trick employees into divulging their credentials. What type of attack does this scenario best describe?
Correct Incorrect Unanswered
Answer Description
Typosquatting, also known as URL hijacking, is a form of cyber attack where the attacker registers a domain name that is a misspelled version of a legitimate website. This technique preys on users who accidentally type a wrong URL when trying to visit the intended site. In this scenario, the malicious replica of the company's site is set up to deceive users who mistype the company's official web address, making "Typosquatting" the correct answer.
Wikipedia
Typosquatting, also called URL hijacking, a sting site, a cousin domain, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).
The typosquatter's URL will usually be one of five kinds, all similar to the victim site address:
A common misspelling, or foreign language spelling, of the intended site
A misspelling based on a typographical error
A plural of a singular domain name
A different top-level domain: (e.g. .com instead of .org)
An abuse of the Country Code Top-Level Domain (ccTLD) (.cm, .co, or .om instead of .com)
Similar abuses:
Combosquatting - no misspelling, but appending an arbitrary word that appears legitimate, but that anyone could register.
Doppelganger domain - omitting a period or inserting an extra period
Appending terms such as sucks or -suckes to a domain name
Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts, or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.
The Magniber ransomware is being distributed in a typosquatting method that exploits typos made when entering domains, targeting mainly Chrome and Edge users.
Typosquatting - Wikipedia, the free encyclopedia