Domain Squatting Risk Vector: Using Categories in your Investigation

Ingrid

You can filter your “Results by All Domains” view using the following three categories to streamline your investigation. By categorizing these domains, your security team can prioritize high-risk threats like phishing over lower-risk issues like typos.

Why This Matters

Monitoring these categories allows your organization to:

- Proactively Take Down: Identify and request the removal of malicious domains before they are used in an active attack.
- Assess Risk: Understand if your brand is being actively targeted by "squatters."
- Educate Users: Use real-world examples of discovered typos for internal security awareness training.

Typographical Errors

Users may mistype the domain name. These domains are reached by simple typing mistakes and may also be used in spear phishing attacks.

- Insertion: Adding an extra letter to the domain name that's near an existing letter on the keyboard.
- Omission: Dropping a character.
- Repetition: Adding an extra letter that already exists.
- Replacement: Replacing a character with another one that's located near it on the keyboard.
- Subdomain: Misplacement of one of the periods in the domain.
- Transposition: Flipping two characters.
- Vowel-swap: Replacing a vowel with a different one.
- Various: Miscellaneous mistakes, including dropping the period from the fully qualified domain name.

Spear Phishing

Spear phishing attacks are targeted, proactive email campaigns against the user base of an organization. They aim to fool users into opening an email attachment that is loaded with malware, to get responses that contain sensitive information, or to redirect the user to a website that appears to be legitimate.

- Addition: Adding an arbitrary character to the end of the domain.
- Hyphenation: Inserting a hyphen between two characters.
- Homoglyph: Replacing characters with others that look like them, as in the domains frequently registered for spear-phishing attacks.
- TLD Variant: Using variants of the top-level domain (TLD).

Bitsquatting Errors (Bit-flip)

Technical Resource: For a deep dive into this phenomenon, see “Bitsquatting: DNS Hijacking without exploitation” by Dinaburg.

- Bitsquatting: A bit is flipped for one of the characters.

October 7, 2020: Added TLD Variant as a type of spear phishing.
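When triaging a discovered domain, several of the categories above can be checked mechanically against your own domain. The Python below is an added example, not Bitsight's code: the function names are hypothetical, `example.com` and its variants are constructed samples, names are assumed to have two labels, and Transposition is assumed to mean swapping two adjacent characters. It covers Omission, Repetition, Hyphenation, Addition, Transposition, Vowel-swap, Bitsquatting and TLD Variant, and returns every category that fits, because one registration can match more than one.

```python
VOWELS = set("aeiou")

def split_domain(domain):
    """Split 'example.com' into ('example', 'com'); assumes a two-label name."""
    label, _, tld = domain.lower().rstrip(".").partition(".")
    return label, tld

def one_bit_apart(a, b):
    """True when the two characters differ in exactly one bit."""
    return bin(ord(a) ^ ord(b)).count("1") == 1

def classify(brand, seen):
    """List the article's categories that explain how `seen` differs from `brand`."""
    b, b_tld = split_domain(brand)
    s, s_tld = split_domain(seen)
    if b == s:
        return ["TLD Variant"] if b_tld != s_tld else []
    if b_tld != s_tld:
        return []  # label and TLD both changed: leave for manual review
    cats = set()
    if len(s) == len(b) + 1:  # one character was added somewhere
        for i in range(len(s)):
            if s[:i] + s[i + 1:] != b:
                continue
            ch = s[i]
            if ch == "-" and 0 < i < len(s) - 1:
                cats.add("Hyphenation")
            if ch in (s[i - 1:i], s[i + 1:i + 2]):  # equals a neighbour
                cats.add("Repetition")
            if i == len(s) - 1:
                cats.add("Addition")
    elif len(s) == len(b) - 1:  # one character was dropped
        if any(b[:i] + b[i + 1:] == s for i in range(len(b))):
            cats.add("Omission")
    else:
        diff = [i for i in range(min(len(b), len(s))) if b[i] != s[i]]
        if len(s) == len(b) and len(diff) == 1:
            x, y = b[diff[0]], s[diff[0]]
            if x in VOWELS and y in VOWELS:
                cats.add("Vowel-swap")
            if one_bit_apart(x, y):  # e.g. 'a' (0x61) and 'e' (0x65)
                cats.add("Bitsquatting")
        elif len(s) == len(b) and len(diff) == 2 and diff[1] == diff[0] + 1:
            i, j = diff
            if (b[i], b[j]) == (s[j], s[i]):
                cats.add("Transposition")
    return sorted(cats)

if __name__ == "__main__":
    for seen in ("exmple.com", "exemple.com", "examplee.com", "example.net"):
        print(seen, classify("example.com", seen))
```

A domain that comes back with two categories, such as a vowel change that is also a single bit flip, is worth filing under the higher-priority one for your investigation.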