Typosquatting is an ugly-sounding word for a very clever strategy to hijack a URL – and by making that link “look” safe, users will click on it and download malware or ransomware.
Email attacks – and this is very true of ransomware, which is constantly in the news as a potent and costly attack – all rely on duping the recipient in one way or another. Earlier attacks tried to lure recipients into entering personal information for identity theft, but with ransomware, all an attacker needs to do is get someone to open an infected attachment or visit a poisoned site. But with users being made more wary, what methods work?
How much can a typo cost you? Typosquatting or URL hijacking can lead to encryption from ransomware Click To Tweet
One that continues to work well is typosquatting or URL hijacking. It works because readers are visual, not literal. A common example (no pun intended) is exemple. They look close enough and an HTML email is going to show a logo, not the link, anyway. Letters can be swapped, or foreign spellings could be used, or a common misspelling, such as bankamerica, vs bankofamerica. The goal is to trick the user into thinking the URL is legitimate. Once they click, the malware is uploaded (called “drive-by malware) and these days it’s likely to be ransomware.
There are simply too many URLs – with thousands of new ones constantly being created – for lookup tables to be a lot of help. Traditional email security solutions struggle to cope with this kind of URL hijacking.
Enter anti-typosquatting – a means to identify malformed or deliberately mistyped URLs and to redirect the recipient at time of click into a protected area where the link can be opened without harm. This is usually a cloud-based sandbox, so any malicious behavior on that site can be observed without affecting the user. Barracuda’s anti-typosquatting feature uses this method to safeguard from hijacked links.
Comprehensive email protection has evolved beyond anti-spam and anti-virus; new sophisticated attacks need new sophisticated means to identify and thwart them. Anti-typosquatting is part of the comprehensive email protection now included in all Barracuda Essentials bundles, because a typo shouldn’t lead to a ransom.