CAPEC-630: TypoSquatting

An adversary registers a domain name with at least one character different than a trusted domain. A TypoSquatting attack takes advantage of instances where a user mistypes a URL (e.g. www.goggle.com) or not does visually verify a URL before clicking on it (e.g. phishing attack). As a result, the user is directed to an adversary-controlled destination. TypoSquatting does not require an attack against the trusted domain or complicated reverse engineering.

Medium

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-630 (TypoSquatting) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-630: TypoSquatting

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Frequently asked questions

What is CAPEC-630?

How does a TypoSquatting attack work?

How do you prevent CAPEC-630?

How severe is CAPEC-630?

References

Defend against CAPEC-630

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Related attack patterns

Parent

Peer

Can precede

Related

Frequently asked questions

What is CAPEC-630?

How does a TypoSquatting attack work?

How do you prevent CAPEC-630?

How severe is CAPEC-630?

References

Defend against CAPEC-630