Phishing attacks are becoming increasingly sophisticated and are difficult to detect. A new report has highlighted the most common types of attack, which involves the use of ‘confusable’ or typosquatting domains that look similar to legitimate domains. This includes domains that are targeted at big tech and telco brands which users may have a trust relationship with.
The underlying problem is that spotting confusable domains in phishing emails is challenging as the number of possible word combinations in different languages is vast. Cloudflare’s list of the top 50 most abused brands provides some insight into the most common targets, and the domains used to target them. For example, the Amazon ‘login-amazon-account[.]com’ domain could fool almost anyone.
Cloudflare developed the list using a ‘fuzzy matching’ algorithm to detect domains that are similar to the domains used by the Cloudflare One customer base. This system flags suspicious domains in near real time, but customers have to generate the patterns it wants its domains to be associated with.
Criminals may soon move on to more complex variations on the same idea, making the battle against phishing even more difficult. Companies should be aware of the threat posed by phishing and use tools to detect these domains in order to protect themselves and their customers.
Key Points:
• Phishing attacks are becoming increasingly sophisticated and are difficult to detect
• Criminals target big tech and telco brands which users may have a trust relationship with
• Cloudflare developed a ‘fuzzy matching’ algorithm to detect similar domains
• Companies should be aware of the threat posed by phishing and use tools to detect these domains