Date: 09/11/2024
Severity: Critical
Summary
"Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics" explores how cybercriminals exploit common typographical errors and brand names to deceive individuals and organizations. Typosquatting involves registering domain names that are slight misspellings of popular websites, tricking users into visiting fake sites that mimic legitimate ones. Brand impersonation involves creating fraudulent websites or communications that closely resemble well-known brands to steal sensitive information. The analysis highlights the latest trends in these tactics, their increasing sophistication, and the countermeasures being developed to combat such phishing attacks.
Indicators of Compromise (IOC) List
URL/Domain | play-store-google.com, whatsapp2024.ru, offlice365.com, googleupdate.vip, adobevn.pro, onedrivesync.com, googqle.com, whatsapp-web.cn, acrobatbrowser.com, browserpapernews.pages.dev |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
URL/Domain | Userdomainname like "play-store-google.com" or url like "play-store-google.com" or userdomainname like "whatsapp2024.ru" or url like "whatsapp2024.ru" or userdomainname like "offlice365.com" or url like "offlice365.com" or userdomainname like "googleupdate.vip" or url like "googleupdate.vip" or Userdomainname like "adobevn.pro" or url like "adobevn.pro" or Userdomainname like "onedrivesync.com" or url like "onedrivesync.com" or Userdomainname like "googqle.com" or url like "googqle.com" or Userdomainname like "whatsapp-web.cn" or url like "whatsapp-web.cn" or Userdomainname like "acrobatbrowser.com" or url like "acrobatbrowser.com" or Userdomainname like "browserpapernews.pages.dev" or url like "browserpapernews.pages.dev" |
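The query above matches only the listed domains. The following added example, which is not Gurucul or Zscaler code, applies the two patterns the summary describes (near-misspellings of a brand, and brand names embedded in an unrelated domain) to constructed proxy-log lines. The brand watchlist, the function names and the log format are assumptions.

```python
from urllib.parse import urlsplit

# Assumed watchlist (illustrative): brand keyword -> its legitimate domains.
BRANDS = {"google": {"google.com"}, "office365": {"office365.com"},
          "whatsapp": {"whatsapp.com"}, "adobe": {"adobe.com"}}

def edit_distance(a, b):
    """Levenshtein distance using a rolling one-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return (brand, reason) for a lookalike host, else None."""
    host = host.lower().rstrip(".")
    for legit in BRANDS.values():
        if any(host == d or host.endswith("." + d) for d in legit):
            return None  # genuine brand domain or one of its subdomains
    # Simplification: second-to-last label is the registrable name (no public-suffix list).
    label = host.split(".")[-2] if "." in host else host
    for brand in BRANDS:
        if brand in label:
            return brand, "brand-embedded"
        if any(edit_distance(t, brand) == 1 for t in [label, *label.split("-")]):
            return brand, "typosquat"
    return None

# Constructed proxy-log lines (time, user, URL) using domains from the IoC list.
SAMPLE_LOG = """\
2024-09-11T10:00:01Z alice https://mail.google.com/inbox
2024-09-11T10:00:05Z bob http://googqle.com/login
2024-09-11T10:00:09Z carol https://offlice365.com/signin
2024-09-11T10:00:12Z dave https://play-store-google.com/app
2024-09-11T10:00:15Z erin https://browserpapernews.pages.dev/
"""

def scan(log_text):
    """Return (user, host, brand, reason) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        _, user, url = line.split(maxsplit=2)
        host = urlsplit(url).hostname or ""
        if (verdict := classify(host)):
            hits.append((user, host, *verdict))
    return hits
```

Hosts on shared platforms such as browserpapernews.pages.dev are not flagged by this heuristic, so the static IoC match remains necessary alongside it.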
Reference:
https://www.zscaler.com/blogs/security-research/phishing-typosquatting-and-brand-impersonation-trends-and-tactics#introduction