Have you ever clicked on any internet link and been directed to a website that was not “exactly” the address you intended?
This type of problem is really common and happens because the links you click on can be faked by attackers. Their goals come down to two: generating traffic to websites whose content is suspicious, or exposing the user to threats hosted on that target.
This type of practice is known as domain spoofing. It is often used in web ads.
It is worth remembering that this type of technique is used in phishing attacks. Attackers employ various means to deceive less attentive users while they are browsing the internet.
Every year, a few million are lost by companies to this kind of practice.
Attempts to replace URLs are considered “simpler” frauds and so are quite frequent. This type can have high success rates because it engages inattentive or uninformed users. Attackers make changes to URLs so slight (such as replacing an “I” with an “L”, or a “u” with a “v” in the domain) that a user can hardly see them at first glance.
Despite being common, this form of fraud can be more easily identified with a little more attention.
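One way to automate that extra attention, shown as an added example and not code from the original page or from Blockbit: fold the confusable characters together and compare each link's host against a list of trusted domains. The trusted domains, sample URLs and function names are constructed for illustration, and the digit folds (`1`, `0`) go beyond the two substitutions the text names.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation trusts (constructed, reserved .example TLD).
TRUSTED = ("billing.example", "university.example")

# Fold confusable characters to one representative: the I/L and u/v pairs
# named in the text, plus digit lookalikes added here as an assumption.
FOLD = str.maketrans({"l": "i", "1": "i", "v": "u", "0": "o"})


def skeleton(host: str) -> str:
    """Lower-case the host and collapse confusable characters."""
    return host.lower().rstrip(".").translate(FOLD)


def host_of(url: str) -> str:
    """Extract the hostname from a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def _same_or_sub(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(url: str, trusted=TRUSTED):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'.

    Returns (verdict, trusted_domain_it_matches_or_imitates_or_None).
    """
    host = host_of(url)
    for good in trusted:
        if _same_or_sub(host, good):
            return ("trusted", good)
    for good in trusted:
        # Not an exact match, but identical once confusables are folded.
        if _same_or_sub(skeleton(host), skeleton(good)):
            return ("lookalike", good)
    return ("unknown", None)
```

A verdict of `lookalike` is a reason to block or warn at a mail gateway or proxy; `unknown` only means the host resembles nothing on the list.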
Another possible practice is cross-domain. The fraudster can “link” two websites by using an iframe, exposing the user to potentially suspicious or even malicious material – false news, undue content, etc. The malicious website will appear as part of the trusted website's layout, generating traffic for suspicious activity and exposing devices to threats hosted on those sites.
The user may find it more difficult to identify this type.
But the examples above are just the cases considered simple in domain spoofing. Of course, there are more sophisticated practices.
For example, many attackers use custom browsers as a fraud tool. From these browsers, bots can visit any site by forging the URLs.
To avoid this type of fraud, one cannot rely on the user’s caution alone. Companies need to adopt layers of security that support the corporate user while protecting the company’s confidential information and devices.
If the company already uses intelligence signatures and categorizes URLs or adopts content filtering technology, it can successfully decrease that type of risk for its users.
In our cybersecurity platform, for example, Blockbit Labs’ constantly updated intelligence feeds help protect business users transparently by downloading subscriptions directly to products and elevating protection for all network devices.
But an essential tool for dealing with domain spoofing fraud is Blockbit ATP – Advanced Threats Protection, which, coupled with Blockbit Labs’ intelligence feeds, offers more than 10 million signatures of known phishing addresses.