Attackers often use the technologies we depend on in our daily lives to trick users into visiting malicious sites or to facilitate the spread of viruses. Social engineering has become a staple of cyberattacks over the past decade. Bad actors are developing new techniques every day based on emerging technologies and designed to take advantage of humans’ propensity for error. One of the many techniques used by these bad actors for social engineering is URL hijacking.
URL hijacking, also known as a form of cybersquatting, is where the attacker purchases and registers a new domain name using a slightly misspelled version of a well-known website and mirrors its ‘appearance. This is designed to target Internet users who incorrectly enter the site’s URL into their web browser. The malicious site is normally designed in a way to trick users into entering their sensitive information such as email credentials and personally identifiable information (“PII”). The tactic has become so widespread that in 2018, security researchers discovered that malicious sites ending in “.cm” (aol.cm, espn.cm, etc.) had been visited 12 million times in the past. only first quarter of the year. In 2019, Palo Alto Networks, a global cybersecurity company, discovered over 13,000 domains registered for URL hijacking in December alone, with 19% of them often distributing malware and/or leading phishing attacks.
Organizations victimized by these bad actors can face significant reputational damage to their customers and industry peers. Technical best practices for organizations to protect against this technique is to register and trademark their trademark and website, and then further protect themselves by purchasing close variations of their current domain names, e.g., company.com, company.net, etc. as well as common spelling mistakes. Domain monitoring tools and services can also be purchased to notify your IT department whenever a similar domain name is purchased and registered.
Attackers are always looking for more ways to take advantage of human error, ensuring that URL hijacking scam techniques will continue to be prevalent. Proactive organizations add/include URL hijacking user training and awareness to help mitigate this threat. They also add additional layers of artificial intelligence to pre-analyze emails to identify faulty emails that are often used by hackers to facilitate wire transfer fraud.
With an ever-increasing number of new Internet domain names being registered each year, security companies are integrating more domain monitoring solutions into their services to provide additional layers of defense against these threats. We suggest that you remain vigilant against these types of scams and use appropriate training, technology, and processes to ensure good cybersecurity hygiene.