Topic 2C: Social Engineering (Typosquatting)

Hijacked Subdomains (Example)

A phishing message from example.onmicrosoft.com may appear trustworthy to users.

Typosquatting (Definition)

Registering domain names that are very similar to real ones (e.g., exannple.com).

Hijacked Subdomains (Technique)

Registering subdomains using the primary domain of a trusted cloud provider (e.g., onmicrosoft.com).

Impersonation in Phishing and Pharming (Dependence)

Success relies on convincing the target that the message or site is from a trusted source.

Impersonation in Phishing and Pharming (Email Client Inconsistencies)

Threat actors exploit how email clients display the "From" field, sometimes showing arbitrary values instead of actual email addresses.

Typosquatting (Purpose)

Trick users into thinking they are on a trusted site or receiving email from a known source.

Typo squatting (Summary)

Typosquatting involves registering domain names similar to legitimate ones to trick users into thinking they are interacting with trusted sites. This technique is often used in phishing and pharming attacks to exploit user trust.

Typosquatting (Other Names)

Cousin, lookalike, or doppelganger domains.