Attacks & Threats
Typosquatting
Also known as: URL hijacking, Domain typo-squatting
Definition
Registering domain names or package names that are misspellings, transpositions, or visual look-alikes of legitimate ones, so that a user who mistypes a URL or a developer who mistypes a dependency name lands on the attacker's asset instead of the real one. The registration itself is usually legitimate, so the attack relies entirely on the victim's error; the squatted name then serves phishing pages, malware, or ad traffic.
Examples
- Phishing site at "paypa1.com" (digit "1" for letter "l") collects credentials from users who do not notice the substituted character in a link.
- Malicious package "reqeusts" uploaded to PyPI (a transposition of the Python "requests" library) runs an info-stealer from its install script whenever a developer mistypes the dependency name.
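The following checker is an added illustration, not code from the original page, that flags candidates like the two examples above against a small watch-list of names you care about. It generates the permutations a typosquatter typically registers (omission, transposition, repetition, hyphenation, homoglyph substitution) and folds confusable character sequences before comparing. The watch-list, the homoglyph table, and the naive registrable-label extraction (no public-suffix list, so "co.uk"-style domains are handled wrongly) are assumptions made to keep the example self-contained; a production detector would use a tool such as dnstwist with a full confusables table.

```python
"""Typosquat look-alike checker (added illustration, not the page's own code).

Given a list of names worth protecting (brand domains, package names), flag a
candidate that is a typo, homoglyph, or affix variant of one of them.
"""
from typing import Iterable, Optional

# Character sequences that are easy to confuse with a letter. This is a small
# constructed subset; real detectors carry a much larger confusables table.
HOMOGLYPHS = {"1": "l", "0": "o", "vv": "w", "rn": "m"}


def registrable_label(name: str) -> str:
    """'login.paypa1.com' -> 'paypa1'; a bare package name is returned as-is.
    Assumption: second-to-last label is the registrable one (no public-suffix list)."""
    parts = name.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def normalize(label: str) -> str:
    """Fold look-alike sequences into the letter they imitate."""
    for glyph, letter in HOMOGLYPHS.items():
        label = label.replace(glyph, letter)
    return label


def typo_variants(name: str) -> set:
    """Permutations a typosquatter typically registers for `name`."""
    v = set()
    n = len(name)
    for i in range(n):                        # omission: payal
        v.add(name[:i] + name[i + 1:])
    for i in range(n - 1):                    # transposition: payapl
        v.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for i in range(n):                        # repetition: payppal
        v.add(name[:i + 1] + name[i] + name[i + 1:])
    for i in range(1, n):                     # hyphenation: pay-pal
        v.add(name[:i] + "-" + name[i:])
    for glyph, letter in HOMOGLYPHS.items():  # homoglyph: paypa1
        if letter in name:
            v.add(name.replace(letter, glyph, 1))
    v.discard(name)
    return v


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, protected: Iterable[str]) -> Optional[tuple]:
    """Return (protected_name, reason) if `candidate` looks like a squat, else None."""
    label = registrable_label(candidate)
    for target in protected:
        target = target.lower()
        if label == target:
            return None                       # the genuine name
        if normalize(label) == normalize(target):
            return (target, "homoglyph")
        if label in typo_variants(target) or (
            len(target) >= 5 and edit_distance(label, target) <= 1
        ):
            return (target, "typo")
        if target in label:                   # paypal-login, requests-utils;
            return (target, "affix")          # noisy for very short targets
    return None


if __name__ == "__main__":
    PROTECTED = ["paypal", "requests"]        # constructed watch-list
    for name in ["paypa1.com", "reqeusts", "payapl.com",
                 "paypal-login.com", "paypal.com", "example.org"]:
        print(f"{name:20} -> {classify(name, PROTECTED)}")
```

The same routine works for both halves of the definition: feed it newly observed domains from certificate-transparency logs or passive DNS to catch brand squats, or the dependency names in a lockfile to catch package squats before install. The affix rule catches "combosquatting" ("paypal-login") as well, which strictly is a separate pattern but is registered by the same actors.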
Related terms
Cybersquatting
Registering domain names that contain trademarks or well-known brand names without authorization, typically to extract money from the rights holder or to deceive users.
Domain Hijacking
The unauthorized takeover of control over a registered domain name at the registrar or registry level, allowing an attacker to redirect traffic, email, and trust to malicious infrastructure.
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
Supply Chain Attack
An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
Drive-by Download
An attack in which malware is silently installed on a victim's device simply by visiting a compromised or malicious website.
Open Redirect
An application endpoint that forwards the browser to a URL taken from a request parameter without validating it, letting an attacker craft a link on a trusted domain that lands the victim on a site the attacker controls.