The Social Aspect Dns And Phishing

Unlike the exact processing of an IP address for some computer code, the use of a domain name is a much less rigorous process for people. The address www.hotmail.com can easily be mistyped as www.hormail.com, and an email containing an address like http://www. rasbank.it.customer-service.gadi7n.biz can effectively be used in phishing attacks for luring users to malicious websites.

Distracted or uninformed users could mistake the rasbank.it portion of the URL as valid, but the real top-level domain here is gadi7n.biz. The customer-service subdomain is included to confuse you even more. Those same users would also click OK in the fairly common dialog that warns about untrusted SSL certificates and be completely tricked into using a perfect (but malicious) replica of their online banking sites.

While mistyping a name looks apparently harmless, this mistake is being taken advantage of with so-called typosquatting. Typosquatters usually register a large number of domains that are very close to existing and widely used ones and likely to be found in case of typographical errors. This can lead to phishing attacks, malware sites, unsolicited advertisements, and email hijacking.

Unfortunately, you can do little against these kind of attacks on the technical side. Educating users is the first line of defense. Another way to protect domains from typosquatting is to look for similar domains actively and either register them yourself or try to buy them from their current owner (for instance google.com also owns gooogle.com).

Commercial and open-source software that blacklist known typosquatters, phishing, and other malicious domains are available in many forms for various browsers and operating systems. They rely on either public or private databases. Although this kind of software might help, you shouldn't treat it as a completely reliable solution. Education is always the primary method for preventing these kinds of attacks.

More information on phishing tricks and the latest scams can be found at http:// antiphishing.org and http://www.phishtank.com.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment