Domain Squatting Categories Ingrid The Domain Squatting risk vector is categorized into Typographical Errors, Spear Phishing, and Bitsquatting Errors (Bit-flip). These can be used as filters in the “Results by All Domains” view. Typographical Errors Users may mis-type the domain name. These domains are reached by simple typing mistakes and may also be used in spear phishing attacks. Type Description Examples (saperix.com) Insertion Adding an extra letter to the domain name that's near an existing letter on the keyboard. asaperix.com sapericx.com Omission Dropping a character. sperix.com (saperix.com) saperx.com (saperix.com) Repetition Adding an extra letter that already exists. sapperix.com saperrix.com Replacement Replacing a character with another one that's located near its placement on the keyboard. saperic.com sapwrix.com Subdomain Misplacement of 1 of the periods in the domain. s.aperix.com sa.perix.com Transposition Flipping two characters. spaerix.com sapreix.com Vowel-swap Replacing a vowel with a different one. soperix.com sapirix.com Various Miscellaneous mistakes, including dropping the period from the fully qualified domain name. wwwsaperix.com (www.saperix.com) www-saperix.com Spear Phishing The attacker’s domain masquerades as being part of a legitimate organization, either directly or as a partner. These domain variations are registered by adversaries looking to commit spear phishing (email phishing) attacks on employees or customers of the targeted company. Spear phishing attacks are targeted, proactive email campaigns against the user base (employees and customers) of an organization. They aim to fool users into opening an email attachment that are loaded with malware, get responses that contain sensitive information (e.g., login credentials, payment information, HR and tax documents), or redirect the user to a website that appears to be legitimate. Type Description Examples (saperix.com) Addition Adding an arbitrary character to the end of the domain. saperixj.com saperixb.com Hyphenation Inserting a hyphen between two characters. sa-perix.com sap-erix.com Homoglyph Replacing characters that look like other characters, as in those frequently registered for spear-phishing attacks. saper1x.com saperlx.com TLD Variant Using variants of the top-level domain (TLD). example.country example.stream example.download Bitsquatting Errors (Bit-flip) “Computers suffer from errors that manifest as memory corruption of one or more bits. The causes of these errors range from manufacturing defects to environmental factors such as cosmic rays and overheating. […] Bit-errors can be detected and exploited in new ways on an Internet-wide scale. One of these means is by bitsquatting, or registering domain names one bit different than frequently resolved domains.”[1] Type Description Examples (saperix.com) Bitsquatting A bit is flipped for one of the characters. saqerix.com sbperix.com Resources Dinaburg.org, “Bitsquatting: DNS Hijacking without exploitation” October 7, 2020: Added TLD Variant as a type of spear phishing. Related articles How is the Domain Squatting Risk Vector Assessed? Data Collection Methods Overview Attack Surface: Cloud Infrastructure Sync Diligence Risk Category Marsh McLennan Study: Correlation Between Bitsight Analytics and Cybersecurity Incidents Feedback 0 comments Please sign in to leave a comment.