TYPOSQUATTING
Typosquatting is a tactic nearly as old as the Internet itself, perhaps in part because it’s so easy to pull off. All the attacker needs to do is purchase a domain and wait. Provided their URL is close enough to that of an established brand, someone will eventually stumble upon their trap, courtesy of a… Continue reading 8 Ways to Prevent Typosquatting Attacks Targeting Your Business
Prime Day is Amazon’s largest, most highly anticipated retail event, often thought of as bigger than Cyber Monday and Black Friday combined. Shoppers enjoy two days of special sales, this year running from July 11th-12th, on everything from Amazon devices such as the Echo and Kindle to stylish furniture. While shoppers flock to Amazon’s website to… Continue reading How to Avoid Online Shopping Scams on Amazon Prime Day
The dangerous impact of typosquat domains, and how frequently bad actors are mimicking legitimate brands, is not an unknown problem for security leaders. It’s critical for security and IT teams to properly scan and monitor for brand threats that live across the internet, using machine learning technology to identify domains with similarities to the known… Continue reading Embedded Secrets in Webpage DOMs (and How to Use this Data to Protect Your Assets)
Typosquat domains can damage not only an organization’s finances, but also their reputation with customers, prospects, and the market. Monitoring for and quickly remediating typosquat domains (where possible, more on that to come) is critical for maintaining business operations and preventing hackers from accessing your sensitive data. Given the tightening budgets and market instability, not… Continue reading How to Remove a Typosquat Domain Targeting Your Company, Even When the Registrar Won’t Comply
Phishing and scam websites often use SSL certificates to create a false sense of trust and security for their victims. By displaying the padlock icon and the “https” protocol in the URL, these websites try to appear legitimate and secure. However, SSL certificates alone do not guarantee a website’s safety or legitimacy. Anyone can obtain… Continue reading How SSL Monitoring Can Help Safeguard Your Brand’s Identity
People tend to associate typosquatting domains with only phishing-related activities, but in reality, these domains are used in a wide variety of attacks. Attackers use these domains in attacks such as brand impersonation, BEC scams, and ransomware campaigns. Typosquatting Domains in BEC Scams Business Email Compromise scams primarily target company employees or individuals who… Continue reading How Attackers Use Typosquatting Domains for BEC and Ransomware Attacks
What is Typosquatting? Cybercriminals register look-alike domains of well-known brands to trick users into accessing a malicious website. Such misspelled, look-alike domains are referred to as typosquatting domains. These domains are frequently used by cybercriminals for phishing, fraud, social engineering attacks, BEC and ransomware attacks. These attacks can cause financial loss to the customers, hijack… Continue reading Comparing Bolster’s Typosquatting Monitoring Tool to other OSINT Tools
Microsoft recently secured a court order to take down ‘homoglyph’ domains that impersonate one of their brands. In a statement they released on July 19, they said that these imposter domains were targeting Office 365 customers. This court order is a huge win! Not just for Microsoft, but the entire cybersecurity industry. In this blog, we… Continue reading What Every CISO Should Do to Fight Typosquat Attacks
Before we get started, there are a couple of terms I would like to introduce: Typosquatting domains: Typosquatting domains are lookalike domains targeting a brand. They look very similar to the brand’s legitimate domain and are hard to tell apart. For example, rarible[.]com is the legitimate website of the famous NFT marketplace Rarible. rarbile[.]com is… Continue reading NFT Scams Part 2: Typosquatting Attacks targeting NFT marketplace users