216.73.216.86

Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics

· Published 12/09/2024 08:23 · Modified 12/09/2024 08:54

Export JSON

Essential information

Published
12/09/2024 08:23
Modified
12/09/2024 08:54
Tags
2024-09-12 brand impersonation certificate abuse credential-theft domain abuse phishing scams typosquatting
Related entities
10 observables, 10 techniques (mitre), 2 malware, 3 others

Description

From February to July 2024, an analysis of over 500 popular domains revealed more than 10,000 malicious lookalike domains employing and techniques. Google, Microsoft, and Amazon were the most targeted brands, accounting for nearly 75% of domains. Almost half of these domains used free Let's Encrypt TLS certificates to appear legitimate. The .com top-level domain was most prevalent, targeting English speakers. Internet Services, Professional Services, and Online Shopping were the most impersonated sectors. GoDaddy was the most abused domain registrar. Threat actors used these domains for malware distribution, credential theft, , and command-and-control communication.

External references