Cybersquatting, a method of tricking victims into visiting malicious websites, hit an all-time high in 2022, according to new reports.
Data from the World Intellectual Property Organization (WIPO) analyzed by Atlas VPN showed that 5,616 cybersquatting disputes were filed with the organization this year, a nearly 10% increase compared to 2021.
Cybersquatting is a method where scammers try to use typos (or recklessness) to get people to visit their malicious websites. There are different formats of cybersquatting, including typosquatting, combosquatting, and others.
Typosquatting variants
Typosquatting, probably the most popular of the methods, involves cybercriminals registering domain names seemingly identical to those belonging to legitimate companies. For example, Amazon could be Anazon, Amazon, and Netflix could be NetfIix (capitalized and instead of L).
Combosquatting is also a popular technique and involves combining a domain name with an additional word such as “payment”, “support” or similar. For example, Amazon might be amazon-support.com while Netflix might be netflix-payment.com.
With cybersquatting, cybersquatting is about two things: either people mistype the address themselves, or scammers share a link via email or social media channels and hope no one notices the typo or the obvious fake domain name. Malicious websites are designed to look identical to their legitimate counterparts and are designed to do so steal an identity and login details.
Complaints about cybersquatting have steadily increased over the years, according to Atlas VPN. Compared to 2000, the number of cybersquatting disputes has increased by 202%. The total number of complaints exceeded 61,000 during this period.
One of the larger and more recent campaigns involved an unknown cybercriminal who created over 200 malicious domains and impersonated over two dozen global brands to distribute all kinds of malware for Android and Windows operating systems. Some brands impersonating the attack include PayPal, SnapChat, TikTok, and others.