The Domain Squatting risk vector is categorized into Typographical Errors, Spear Phishing, and Bitsquatting Errors (Bit-flip). These can be used as filters in the “Results by All Domains” view.
Typographical Errors
Users may mis-type the domain name. These domains are reached by simple typing mistakes and may also be used in spear phishing attacks.
Type | Description | Examples (saperix.com) |
---|---|---|
Insertion | Adding an extra letter to the domain name that's near an existing letter on the keyboard. |
|
Omission | Dropping a character. |
|
Repetition | Adding an extra letter that already exists. |
|
Replacement | Replacing a character with another one that's located near its placement on the keyboard. |
|
Subdomain | Misplacement of 1 of the periods in the domain. |
|
Transposition | Flipping two characters. |
|
Vowel-swap | Replacing a vowel with a different one. |
|
Various | Miscellaneous mistakes, including dropping the period from the fully qualified domain name. |
|
Spear Phishing
The attacker’s domain masquerades as being part of a legitimate organization, either directly or as a partner. These domain variations are registered by adversaries looking to commit spear phishing (email phishing) attacks on employees or customers of the targeted company.
Spear phishing attacks are targeted, proactive email campaigns against the user base (employees and customers) of an organization. They aim to fool users into opening an email attachment that are loaded with malware, get responses that contain sensitive information (e.g., login credentials, payment information, HR and tax documents), or redirect the user to a website that appears to be legitimate.
Type | Description | Examples (saperix.com) |
---|---|---|
Addition | Adding an arbitrary character to the end of the domain. |
|
Hyphenation | Inserting a hyphen between two characters. |
|
Homoglyph | Replacing characters that look like other characters, as in those frequently registered for spear-phishing attacks. |
|
TLD Variant | Using variants of the top-level domain (TLD). |
|
Bitsquatting Errors (Bit-flip)
“Computers suffer from errors that manifest as memory corruption of one or more bits. The causes of these errors range from manufacturing defects to environmental factors such as cosmic rays and overheating. […] Bit-errors can be detected and exploited in new ways on an Internet-wide scale. One of these means is by bitsquatting, or registering domain names one bit different than frequently resolved domains.”[1]
Type | Description | Examples (saperix.com) |
---|---|---|
Bitsquatting | A bit is flipped for one of the characters. |
|
- October 7, 2020: Added TLD Variant as a type of spear phishing.
Feedback
0 comments
Please sign in to leave a comment.