CAPEC-631: SoundSquatting
Also known as: Homophone Attack
An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user's confusion of the two words to direct Internet traffic to adversary-controlled destinations. SoundSquatting does not require an attack against the trusted domain or complicated reverse engineering.
Last updated
Overview
CAPEC-631 (SoundSquatting) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1Explore
[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted, receives a consistent amount of traffic, and is a homophone.
- Research popular or high traffic websites which are also homophones.
- Step 2Experiment
[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the SoundSquatted URL.
- Register the SoundSquatted domain.
- Step 3Exploit
[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the SoundSquatted domain.