URL Hijacking – Using a Fake URL to Trick Users
May 04, 2022
By Victor Aranda and Patrick Merli
Attackers often use the technologies we depend on in our day-to-day life to trick users into visiting malicious sites or facilitating the distribution of viruses. Social engineering has become a staple of cyberattacks over the last decade. Bad actors develop new techniques every day, built upon emerging technologies and designed to take advantage of humans' propensity for error. One of the many social engineering techniques these bad actors use is URL hijacking.
URL hijacking, a form of cybersquatting, is where the attacker buys and registers a new domain name that is a slightly misspelled version of a well-known website's name and mirrors that site's appearance. It targets internet users who mistype the site's URL in their web browser. The malicious site is normally designed to trick users into entering sensitive information such as email credentials and personally identifiable information ("PII"). The tactic has become so pervasive that, in 2018, security researchers found malicious sites ending in ".cm" (aol.cm, espn.cm, etc.) were visited 12 million times in just the first quarter of the year. In 2019, Palo Alto Networks, a global cybersecurity company, discovered over 13,000 domains registered for the purpose of URL hijacking in December alone, with 19% of them often distributing malware and/or conducting phishing attacks.
Organizations victimized by these bad actors can face significant reputational damage among their customers and industry peers. The best technical practices for organizations to protect themselves against this technique are to register and trademark their brand and website, then to purchase close variations of their current domain names (for example, company.com, company.net, etc.) as well as common misspellings. Organizations can also purchase domain monitoring tools and services that notify the IT department any time a similar domain name is bought and registered.
Attackers are always looking for more ways to take advantage of human error, ensuring URL hijacking scams will always be prevalent. Proactive organizations are adding URL hijacking to their user training and awareness programs to help mitigate this threat. They are also adding extra layers of artificial intelligence to pre-scan emails and identify the fraudulent emails that hackers often use to facilitate wire transfer fraud.
With an ever-growing number of new internet domain names registered every year, security companies are building more domain monitoring solutions into their services to offer additional layers of defense against these threats. We suggest staying vigilant to these types of scams and using the proper training, technologies and processes to ensure proper cybersecurity hygiene.
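The following is an added example, not part of the original article or any vendor's product: one way a domain monitoring check could flag lookalikes of a protected domain in a feed of newly registered names, covering misspellings and TLD swaps such as ".cm" for ".com". The function names and the sample feed are constructed for illustration, and the code assumes simple two-label domains.

```python
# Added example: flag lookalike domains in a feed of newly registered names.
# Assumes two-label domains ("name.tld"); multi-label suffixes such as
# "co.uk" would need a public-suffix list.

def split_domain(domain):
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, protected):
    """Return why `candidate` resembles `protected`, or None if it does not."""
    c_name, c_tld = split_domain(candidate)
    p_name, p_tld = split_domain(protected)
    if (c_name, c_tld) == (p_name, p_tld):
        return None  # the legitimate domain itself
    if c_name == p_name:
        # Same brand, different ending: "cm" for "com" is a one-key slip,
        # "net" for "com" is a variation worth registering defensively.
        return "tld-typo" if osa_distance(c_tld, p_tld) == 1 else "tld-variation"
    if osa_distance(c_name, p_name) == 1:
        return "misspelling"  # one dropped, added, wrong or swapped character
    return None

def scan(feed, protected_domains):
    """Return (candidate, protected, reason) for every lookalike in the feed."""
    hits = []
    for candidate in feed:
        for protected in protected_domains:
            reason = classify(candidate, protected)
            if reason:
                hits.append((candidate, protected, reason))
    return hits

# Constructed sample feed of newly registered domains (not real data).
SAMPLE_FEED = ["comapny.com", "compny.net", "company.net", "company.cm", "example.org"]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FEED, ["company.com"]):
        print(hit)
```

Short brand names sit within one edit of many unrelated words, so hits on them need manual review before anyone is alerted.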