Typosquatting
Protection
Protect users from visiting malicious sites
that mimic your organization’s brand
The Rise of Lookalike Domains
Typosquatting, or otherwise known as URL or Domain Hijacking, is a form of attack that purposely misspells domains of well-known and legitimate websites. In this social engineering attack, users are tricked into visiting malicious lookalike sites to do a variety of activities such as turning over their login credentials, divulge financial information, or even download malware.
Users may accidentally type in the wrong URL, hence the ‘typo’ in typosquatting, or be misled by a phishing campaign that directs them to a malicious site. Either way, these lookalike domains are convincing and effective as they rely on human error and confusion.
Common Reasons for Typosquatting
Phishing Campaign
The most common reason why malicious actors employ typosquatting is to attempt to phish for sensitive information such as a user’s credentials or financial information. Oftentimes the user is sent a fraudulent message, whether over email or another channel, to visit a phishing site designed to mimic a legitimate brand. Unsuspecting users will turn over their information and now attackers can leverage these credentials to do a variety of activity such as log into critical systems and applications and steal corporate data.
Drive-by Downloads
While many attackers use typosquatting to trick users to give away their sensitive information, sometimes just visiting a site can allow for malware to be downloaded from the browser onto the user’s device. Sometimes the execution of the malware is user initiated, other times visiting the site can cause the malicious file to be executed.
Search Engine Redirects
Fraudsters can take advantage of redirects that confuse search engine results pages, or simply replace a legitimate URL with a fraudulent one. A URL redirect helps search engines find web content that may have moved. Fraudsters will leverage these redirects to attempt to confuse a search engine into falsely submitting a malicious URL for a legitimate one.
Extortion and Scams
An attacker may be motivated to leverage typosquatting to create a scam to sell fraudulent goods and services, extort the legitimate domain owner, commit advertisement or affiliate marketing fraud by stealing commission per click, and more. There are many ways typo squatters can gain monetarily by registering fake domains.
Typosquatting leads to large financial losses
4.2 million
Fraudulent
websites
+$323 billion
Losses to
brands
$1.2 trillion
Fraudulent product &
service transactions
Legacy processes are typically reactive, relying on information
security resources, manual procedures, and outdated tools to
mitigate fraudulent activity
Leverage Bolster’s Detection and Response to Fight Growing Typosquatting Attacks
AI-Driven Real-Time
Detection
Deep learning renders fraud verdicts
within 100 milliseconds with a false
positive rate of 1 in 100,000
Fully-Automated
Zero-Touch Takedown
Take down phishing & scam sites
globally in as quickly as 2 minutes,
95% without human intervention
Continuous
Monitoring
Track fraudelent sites taken down. if
they come back, our platform will
immediately issue requests to take
them offline
Rich Threat
Intelligence/Dashboard
Full dashboarding for fraud
prevention, plus 20+ data points,
including logo use, for review with
brands & security teams
Beautifully designed to visualize your threat surface
Using an innovative combination of natural language processing, logo detection, computer vision, and deep learning, Bolster’s platform provides the fastest, most accurate detection and removal of malicious typosquatting. The intuitive and easy-to-use Bolster dashboard allows organizations to achieve:
- Real-time detection of fake domains, phishing sites, scam sites, cryptojacking sites, and more in the matter of milliseconds
- Automatically take down these malicious sites in the matter of minutes
- Create automatic responses to different threats to help with cross-collaboration efforts
Intuitive Methodology for Typosquatted Domains
Take down phishing & scam sites in minutes
Industry-leading Response
Times to TypoSquatting
100ms
Fraud detection verdict
1/100,000
False-positive rate
60 sec
Mean Time to Response (MTTR)
2 mins
Avg API based takedown time
95%
Without manual intervention
+1500
Partners with domain & hosting providers
Ready to See Bolster in action?
Get a personalized demo and see how you can detect and remediate threats like never before.
REQUEST DEMO