Gartner in 2016 and since has warned that an organizations reputation in the internet world needs to consider Cyber Sqatting as a risk and danger. In a more recent article (upguard.com/blog/typosquatting by Abi Tyas Tunggal reprinted in cybersecurity-insiders.com/What-is-typosquatting-and-how-to prevent-it by Jane Devry) a fuller description of the cost and dangers of cybersquatting are explained.

The CybersquattingV1.ps1 toolkit is a deployable package which allows a Community coordinator to prepare a list of origanization URLs that you would like to check against some of the forms described

The following functions are provided and generate possible URLs presuming 1 mistake/adjustment only:

1. Invert letters
   - invert each letter in turn
2. Similar shaped letters and numbers replaced
   - i.e. h is like kbd
   
3. Finger Slip letters and numbers replaced
   - i.e. a finger slip for j on a qwerty keyboard is one of "uhnmki"
4. Replacement groups for common combinations
   - i.e. .com could be .cm|.cum|.cam|.comm|.kom|.km|.komm
5. Prefix groups for common combinations
   - i.e. www. (with dot) could be www|w3|ww3|www3|web (without)

Files are generated of the URLs to be tested. These URLs are then tested as to if they are active. You can then run the WhoIS trail to determine what the IP address of origin and their registration location. Further investigation as to content and malicious behaviour is left for those sites identified through these two levels of identification.

NOTE: This was run for a public organization. It found almost 70 squatting sites spanning Canada through eastern Europe. A couple of these were determined to be malicious adjusted copy sites prompting both domestic and international action on these sites.

Assessment against Mr Tunggal's recommendations

• Return to Monitoring


• Return to Main Page