Understanding The Effectiveness Of Typosquatting Techniques
Abstract
The nefarious practice of Typosquatting involves deliberately registering Internet domain names containing typographical errors that primarily target popular domain names, in an effort to redirect users to unintended destinations or stealing traffic for monetary gain. Typosquatting has existed for well over two decades and continues to be a credible threat to this day. As recently shown in the online magazine Slate.com [19], cybercriminals have attempted to distribute malware through Netflix.om, a typosquatted variant of the popular streaming site Netflix.com that uses the country code top-level domain (ccTLD) for Oman (.om). While much of the prior work has examined various typosquatting techniques and how they change over time, none have considered how effective they are in deceiving users. In this paper, we attempt to fill in this gap by conducting a user study that exposes subjects to several uniform resource locators (URLs) in an attempt to determine the effectiveness of several typosquatting techniques that are prevalent in the wild. We also attempt to determine if the security education and awareness of cybercrimes such as typosquatting will affect the behavior of Internet users. Ultimately, we found that subjects tend to correctly identify typosquatting which adds characters to the domain names, while the most effective techniques to deceive users involves permutations and substitutions of characters. We also found that subjects generally performed better and faster at identifying typosquatted domain names after being thoroughly educated about them, and that certain attributes such as Age and Education affect their behavior when exposed to them.
Publication Date
10-14-2017
Publication Title
HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies
Document Type
Article; Proceedings Paper
Personal Identifier
scopus
DOI Link
https://doi.org/10.1145/3132465.3132467
Copyright Status
Unknown
Socpus ID
85036613332 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/85036613332
STARS Citation
Spaulding, Jeffrey; Nyang, Daehun; and Mohaisen, Aziz, "Understanding The Effectiveness Of Typosquatting Techniques" (2017). Scopus Export 2015-2019. 6630.
https://stars.library.ucf.edu/scopus2015/6630