Hellow, hope you're doing gr8.

Maybe you've noticed that today I have been started my blog with TYPOS. Even you saw it right... my topic is related to TYPOS. We generally use those phrases(which I have used at the beginning) for fun/short cut. NOW, this nuclear habit can turn you into a victim of Social Engineering Attacks! Don't worry I will make it so simple that anyone can get this concept as well as his/her IQ will be +1 :p

The question is WHAT? HOW? WHEN?

HAVE PATIENCE !!!

I am hoping you must know or have some idea about SOCIAL ENGINEERING ATTACKS. If "YES" take it 🍕 else click here to know about it after returning from the wiki page here you take it 🍕.

Now sit back and relax ⛱️

So TYPOSQUATTING is a type of social engineering attacks where the attacker takes advantages of the internet user's TYPOS/ TYPING MISTAKE habit and perform social engineering attack.

In this scenario, the attacker will redirect you to his malicious website instead of the genuine website.

Now let's understand this with a real-life example: So this is Mr X and he generally uses shortcuts while typing...

He is very fashionable and frequently buys clothes shoes etc from E-commerce websites. And recently he came to know that there is a website[Assume the website is "greatdeal.com"] that gives marvellous deals on dresses and clothes. As soon as he's hard about the deal went to visit the website typing on the web browser: gr8deal.com. Being excited and by nature, he types visit the wrong website and still able to find cool deals on commodities which he was looking for.

Now you can ask HOW is this possible right?

Well, there are the attackers who are continuously working on improving their traps to get sensitive information as well as money from people like Mr X. Here the trap is that the attacker set up a malicious website on the domain name: gr8deal.com which is in no way affiliated to the real one but looks like the real one. The malicious site hosted by the attacker is knowns as the DOPPELGANGER website.

Let's continue the story of Mr X. Now he's getting all his required commodities with an 80% discount, he's super happy. Made the payment with his credit/debit card and placed the order which will never be delivered to him. The payment as well as all the details he put on that website[gr8deal.com] was sent to the attacker.

SO NOW WE CAN SAY Mr X IS A VICTIM OF TYPOSQUATTING ATTACK.

The motto of the story is

• "Don't get excited and don't misspell the domain name"

A bonus tip from my side

• "Think before you click Anything"

The above two tips will keep you away from famous social engineering attacks like TYPOSQUATTING & PHISHING ATTACK.

I wish this will stop you to be the next Mr X.

Still, if you require any assistance from me in any concept in #infosec my DM is 💲free Twitter

See you in my next blog. Stay safe Stay secure :)