You’ve heard of typosquatting, where unsavory actors buy purposefully misspelled domain names in hopes to lure victims to their malicious sites, but what about combosquatting?
Combosquatting is the act of buying a domain name that combines a legitimate company domain with some other word, again in hopes of drawing victims to the official looking domain. According to new research from the Georgia Tech, combosquatting is more prevalent than typosquatting, with 2.7 million combosquatting domains targeting only 268 legitimate top domains. Watch the video below for more information about combosquatting, and be sure to check the reference section below if you want more detail on Georgia Tech’s research.
Note: This video was shot last week, but posted only recently. Links below have been updated with presentation materials that weren’t original available at the time of creation.
Episode Runtime: 3:47
Direct YouTube Link: https://www.youtube.com/watch?v=YV9BX3aanAo
EPISODE REFERENCES:
- Original media article on Combosquatting – Phys.org
- Georgia Institute of Tech’s blog post on Combosquatting – Gatech.edu
- Researcher’s whitepaper on Combosquatting [PDF] –Gatech.edu
- Presentation on Combosquatting [PDF] –Gatech.edu
- Equifax tweets the wrong “combosquatting” link – NY Times
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply