The increasingly popular way that hackers are trying to get their hands on your personal data is called ‘combosquatting’, a relatively new form of getting you to click on spoofed domain links that take advantage of the most popular brands. Today, we’ll analyse this method in depth and provide you with some cyber security tips on what you can do to avoid you or your employees falling for this trick.
In the past, cyber criminals were often trying to get people to click on malicious links (phishing for user credentials or infecting your PC with malware) by registering domain names that looked almost like legitimate brand names, except with a couple of deliberate spelling errors, for example, the letter ‘q’ can be used in place of the letter ‘g’. The good news is that this method allows for a limited set of possibilities for forgery.
However, combosquatting does not have this problem, as the malicious actors are appending words to popular brands. For example, a hacker might register a domain name called ‘google-security.com’ or something similar. This method preys on the less educated and unsuspecting users, since they often don’t pay attention to what links they click on, making the method increasingly more effective.
To combat this, you should always remain vigilant when clicking on a link, especially if it’s coming from a source you aren’t familiar with. Business owners can also do a great deal to combat this by educating their employees about the most common tactics hackers use and how to prevent cybercriminals from victimising you.