Looks Can Be Deceptive: Unmasking the Art of Mimicry

In the vast landscape of the internet, where millions of websites beckon users with the promise of information, services, and entertainment, there exists a deceptive art known as mimicry. Cybercriminals have mastered the craft of making websites look like trusted counterparts through various forms of spoofing. This article delves into the intricate world of mimicry, exploring different types of spoofing that can fool even the most discerning users.

  1. Character Swapping:
    One of the most common forms of spoofing involves subtly altering characters in a web address, a technique known as typosquatting. For instance, consider the legitimate website “example.com.” A malicious actor might register a domain like “examp1e.com,” replacing the letter “l” with the numeral “1.” This subtle change often goes unnoticed, leading users astray.
    • Example 1: Original – google.com | Spoofed – g00gle.com
    • Example 2: Original – amazon.com | Spoofed – amaz0n.com
    • Example 3: Original – paypal.com | Spoofed – paypall.com
  2. Shape of Characters:
    Cybercriminals exploit the visual similarities between characters to create deceptive URLs. This technique involves using characters that resemble the intended ones at first glance. Consider the letter “o” and the number “0” or the lowercase “l” and the uppercase “I.”
    • Example 1: Original – microsoft.com | Spoofed – m1crosoft.com
    • Example 2: Original – twitter.com | Spoofed – tw1tter.com
    • Example 3: Original – linkedin.com | Spoofed – l1nkedin.com
  3. Subdomains:
    Spoofers may employ subdomains to mimic legitimate websites convincingly. By appending familiar terms to a subdomain, attackers create an illusion of legitimacy.
    • Example 1: Original – bankofamerica.com | Spoofed – secure.bankofamerica.com
    • Example 2: Original – apple.com | Spoofed – support.apple.com
    • Example 3: Original – ebay.com | Spoofed – deals.ebay.com
  4. URL Length:
    Another clever tactic involves manipulating the length of URLs. Cybercriminals might add unnecessary characters to make the fake URL appear more authentic.
    • Example 1: Original – netflix.com | Spoofed – netflix-offers-free-trial-login.com
    • Example 2: Original – reddit.com | Spoofed – reddit-best-content-2024.com
    • Example 3: Original – cnn.com | Spoofed – cnn-breaking-news-updates.com
  5. Cyrillic Characters (Homograph Attack):
    This form of mimicry relies on the visual similarities between characters in different scripts, for instance Cyrillic characters that look identical or very similar to Latin characters.
    • Example 1: Original – apple.com | Spoofed – аpple.com (with Cyrillic “a”)
    • Example 2: Original – facebook.com | Spoofed – fасebook.com (with Cyrillic “c”)
    • Example 3: Original – twitter.com | Spoofed – twіtter.com (with Cyrillic “i”)

  6. Hyphenated Variations:
    In this form of mimicry, scammers add or remove hyphens within domain names, creating deceptive URLs that closely resemble legitimate ones.
    • Example 1: Original – disneyplus.com | Spoofed – disney-plus.com
    • Example 2: Original – mastercard.com | Spoofed – master-card.com
    • Example 3: Original – airbnb.com | Spoofed – air-bnb.com
  7. Double Extensions:
    Cybercriminals may use double file extensions to disguise malicious files as harmless ones. For instance, a file named “document.pdf.exe” may appear as a PDF but is executable.
    • Example 1: Original – document.pdf | Spoofed – document.pdf.exe
    • Example 2: Original – image.jpg | Spoofed – image.jpg.exe
    • Example 3: Original – report.doc | Spoofed – report.doc.exe
  8. Redirect Spoofing:
    This tactic involves creating a URL that appears harmless but redirects users to a different, often malicious, website. Users may be initially deceived by the visible URL.
    • Example 1: Original – newswebsite.com | Spoofed – entertainmentnews.com (redirects to a phishing site)
    • Example 2: Original – shoppingmall.com | Spoofed – discountshopping.com (redirects to a scam site)
    • Example 3: Original – techforum.com | Spoofed – techdiscussion.com (redirects to a malware site)
  9. Homophonic Substitution:
    Mimicking sounds rather than visual appearance, homophonic substitution involves using characters that sound similar to the intended ones.
    • Example 1: Original – ebay.com | Spoofed – ebae.com
    • Example 2: Original – google.com | Spoofed – go0gle.com
    • Example 3: Original – yahoo.com | Spoofed – yahhoo.com
  10. Path Deception:
    Scammers manipulate the path section of a URL to create a false sense of security. They might mimic legitimate paths or insert fake directory names.
    • Example 1: Original – website.com/login | Spoofed – website.com/fake-login
    • Example 2: Original – bankingportal.com/transactions | Spoofed – bankingportal.com/phony-transactions
    • Example 3: Original – supportcenter.com/help | Spoofed – supportcenter.com/fake-help

11. Different Top-Level Domain (TLD):

  • Original – google.com | Spoofed – google.co
  • Original – amazon.com | Spoofed – amazon.us
  • Original – microsoft.com | Spoofed – microsoft.co
  • Original – facebook.com | Spoofed – facebook.us

In this type of spoofing, attackers leverage the familiarity users have with well-known websites and simply replace the common TLDs (like .com) with alternatives such as .co or .us. This subtle change can be easily overlooked by users, leading them to potentially harmful or deceptive websites. Remaining vigilant and checking the full URL is crucial to identifying such spoofing attempts.

12. Brand Name Variations:

  • Original – cocacola.com | Spoofed – coca-cola.co
  • Original – nike.com | Spoofed – nike-store.us

13. Homogeneous Characters:

  • Original – youtube.com | Spoofed – уоutube.co
  • Original – instagram.com | Spoofed – instаgram.us

14. Regional Variation:

  • Original – target.com | Spoofed – target-store.co
  • Original – walmart.com | Spoofed – walmart-shop.us

15. Non-standard Characters:

  • Original – apple.com | Spoofed – åpple.co
  • Original – ebay.com | Spoofed – èbay.us

16. Common Misspellings:

  • Original – linkedin.com | Spoofed – linkdin.co
  • Original – pinterest.com | Spoofed – pintrist.us

17. Unicode Characters:

  • Original – amazon.com | Spoofed – amazоn.co
  • Original – twitter.com | Spoofed – twіtter.us

18. URL Shorteners:

  • Original – bit.ly/original | Spoofed – bit.ly/suspicious

19. Fake Protocols:

20. IP Address Spoofing:

  • Original – website.com | Spoofed – 192.168.0.1 (using IP instead of domain)
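
A defender-side check for several of the look-alike patterns listed above (character swaps, hyphen variations, TLD swaps, and Cyrillic or accented homographs), as an added example that is not part of the original article. The brand list, the small confusables table and the function names are assumptions made for illustration, and the last two labels are treated as the registrable domain rather than consulting the Public Suffix List.

```python
import unicodedata

# Assumption: the brands being protected, keyed by second-level label.
PROTECTED = {"google": "google.com", "apple": "apple.com",
             "twitter": "twitter.com", "disneyplus": "disneyplus.com"}

# Constructed mini-table of look-alikes; i, l, 1 and Cyrillic U+0456 share
# one class. Production checks should use the Unicode confusables data.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "i": "l", "\u0456": "l",   # digits, i/l, Cyrillic i
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0443": "y", "\u0445": "x"})  # Cyrillic a c e o p y x

def to_unicode(host):
    """Decode punycode (xn--) labels so IDN look-alikes become visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA

def skeleton(label):
    """Reduce a label to a comparison form: no accents, hyphens or look-alikes."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    return s.translate(CONFUSABLES).replace("-", "")

def check_domain(host):
    """Return (verdict, brand) for a hostname, judged on its last two labels."""
    labels = to_unicode(host.strip().lower().rstrip(".")).split(".")
    if len(labels) < 2:
        return ("no-match", None)
    name, tld = labels[-2], labels[-1]
    for brand, official in PROTECTED.items():
        if f"{name}.{tld}" == official:
            return ("official", brand)
        if name == brand:
            return ("tld-swap", brand)
        if skeleton(name) == skeleton(brand):
            kind = "ascii-lookalike" if name.isascii() else "idn-lookalike"
            return (kind, brand)
    return ("no-match", None)

if __name__ == "__main__":
    for d in ["google.com", "g00gle.com", "tw1tter.com", "disney-plus.com",
              "google.co", "\u0430pple.com", "example.org"]:
        print(f"{d!r:24} {check_domain(d)}")
```

Run against newly observed domains (mail links, proxy logs, certificate transparency entries), anything other than `official` or `no-match` is a candidate for blocking or review.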
