Russian-Backed Hacking Group Squats On Your Domain

Published June 13, 2022, in our Security Fraud News & Alerts Newsletter.



Typosquatting is becoming more and more common in today's online world. Lately, a group of researchers found evidence that the same group that is believed to have perpetrated the attack on SolarWinds is now abusing popular brand names to snag unsuspecting users’ information.


Research by the company Recorded Future warns that the group, Nobelium, is using the same tactics as in the SolarWinds attack to set up a command and control center and capture information from users with “fat fingers.”


How Does Typosquatting Happen?


Basically, a cyber-criminal can buy up domains that are very similar to those of regular business websites, such as popular retailers like Gap or Target, or even big financial institutions. They then set up their websites to collect data from people who think the websites are legitimate. Not only will they register these domain names, but they will also buy ads through places like Google that look like they lead to something customers are looking for. If you're not careful, a fake website may collect data from you and you could be the victim of a cybercrime that results in your or your organization’s money and/or private information being stolen.



On the other side of this issue, businesses should be on the lookout for domains that are very similar to theirs. Anyone can purchase a domain and register it and anyone can purchase a security certificate for those websites. This is a major way these cybercriminals trick us.


What Can Be Done To Avoid Typosquatting?


First of all, don't open random links that you can't confirm are real. If you get something like an email that tells you to click a link, don't assume that it's legitimate. Check it multiple times and keep an eye on where it's trying to send you. You can do a quick check by hovering the mouse cursor over the URL if you’re on a computer or holding down on the link with your finger for more than 4 or 5 seconds on a mobile device. If it doesn’t go where you think it should, abort the click.


Also be wary of ads that seem like they answer your question or apply to your statement when doing searches. Before you enter anything into a website, look at the URL in your browser, which tells you where you are at all times. If you aren't sure if a website is legitimate, then take a moment to search for where you want to go on a search engine you can trust. Instead of clicking ads, type the website in manually, double and triple checking the spelling of the name.



We are all in a hurry once in a while, or get distracted and make typos. Anyone could be a victim of a typosquatting attack, but taking a little extra time to review any website you visit can help you avoid being the next typosquatting victim.


For businesses, be sure to train users in your organization about typosquatting and phishing. Training should be ongoing throughout the year, so new attacks can be addressed in a timely manner. Also, consider purchasing domains that are similar in name, look, or perhaps just a character on the keyboard away from your actual domain. This will help keep those like Nobelium from taking advantage of your business and keep your reputation intact.
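For teams that want to watch for such lookalikes in their own mail or proxy logs, here is an added example (not from the original newsletter or from Recorded Future) that labels an observed domain by the single typo separating it from a protected one. The domain acmebank.example, the sample list, and all function names are hypothetical, and the keyboard grid is an approximation.

```python
# Added example: classify observed domains as one-typo lookalikes of a protected domain.
# Assumption: inputs are bare registered domains ("name.tld"), not full hostnames or URLs.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # approximate QWERTY grid, not exact key geometry
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def adjacent(a, b):
    """True if two letter keys are neighbours on the approximate grid."""
    if a == b or a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1

def classify(observed, protected):
    """Return the kind of single typo separating the two names, or None."""
    o_name, _, o_tld = observed.lower().rstrip(".").partition(".")
    p_name, _, p_tld = protected.lower().rstrip(".").partition(".")
    if o_name == p_name:
        return None if o_tld == p_tld else "different-tld"
    if len(o_name) == len(p_name):
        diff = [i for i in range(len(p_name)) if o_name[i] != p_name[i]]
        if len(diff) == 1:
            i = diff[0]
            return "adjacent-key" if adjacent(o_name[i], p_name[i]) else "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and o_name[diff[0]] == p_name[diff[1]]
                and o_name[diff[1]] == p_name[diff[0]]):
            return "transposition"
        return None
    if len(o_name) > len(p_name):
        longer, shorter, kind = o_name, p_name, "insertion"
    else:
        longer, shorter, kind = p_name, o_name, "omission"
    if len(longer) - len(shorter) == 1 and any(
            longer[:i] + longer[i + 1:] == shorter for i in range(len(longer))):
        return kind
    return None

def flag_lookalikes(observed_domains, protected):
    """Map each suspicious domain to the typo class that makes it a lookalike."""
    return {d: k for d in observed_domains if (k := classify(d, protected))}

# Constructed sample: names a mail gateway or proxy might log, all under reserved TLDs.
SAMPLE = ["acmebank.example", "acmebamk.example", "acmebnak.example", "acmbank.example",
          "acmeebank.example", "acmebonk.example", "acmebank.test", "weather.example"]

if __name__ == "__main__":
    for domain, kind in flag_lookalikes(SAMPLE, "acmebank.example").items():
        print(f"{domain}: {kind}")
```

The same classes (adjacent key, transposition, omission, insertion, different TLD) are a reasonable checklist when deciding which similar domains to register defensively.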


Recorded Future reminds us that "Domain registrations and typosquats can enable spearphishing campaigns or redirects that pose a threat to victim networks and brands."

