
The typo that costs £100,000

June 2015 by Websense

Millions of pounds are being stolen from businesses by a new spate of attacks called TTS (Targeted Typosquatting) that combine spear-phishing and typosquatting to target C-level execs and financial professionals.

Researchers at Websense Security Labs have discovered cybercriminals registering typosquatted domains (slight misspellings of a legitimate domain name, made by adding, deleting or replacing characters) to run successful fraud campaigns, allowing them to steal millions of pounds with only a minor investment.

The TTS attack targets employees responsible for performing financial transactions, such as Accounts Payable Specialists or a CFO, or a CEO who gives unquestioned orders, with content that encourages them to complete a financial transaction (invoice payment, wire transfer, etc.). The email is sent from a typosquatted domain that resembles their own email domain, and includes an unencrypted attachment with instructions on where to send a payment. The domain is typically registered on the day of the attack, then released for sale shortly after.
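A mail-gateway check for the lookalike sender domains described above, as an added example that is not Websense's code: it flags From domains within a small edit distance (characters added, deleted or replaced) of the organisation's own domains. The domain `example-corp.com`, the threshold of 2 and the `age_days` input (registration age taken from a WHOIS/RDAP lookup done elsewhere) are assumptions.

```python
from email.utils import parseaddr

# Assumption: the organisation's real mail domains (placeholder value).
PROTECTED = {"example-corp.com"}

def edit_distance(a, b):
    """Levenshtein distance: each added, deleted or replaced character costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # character deleted
                           cur[j - 1] + 1,              # character added
                           prev[j - 1] + (ca != cb)))   # character replaced
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Lower-cased domain of the From address, or '' if there is none."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(from_header, protected=PROTECTED, max_distance=2, age_days=None):
    """Return (verdict, matched_domain) for one From header.

    age_days is optional: registration age supplied by the caller.
    """
    dom = sender_domain(from_header)
    if not dom:
        return ("unparseable", None)
    for real in sorted(protected):
        if dom == real or dom.endswith("." + real):
            return ("internal", real)
    for real in sorted(protected):
        if edit_distance(dom, real) <= max_distance:
            fresh = age_days is not None and age_days <= 1
            return ("lookalike-new" if fresh else "lookalike", real)
    return ("external", None)

if __name__ == "__main__":
    # Constructed sample headers, not taken from any real campaign.
    for hdr in ['"CFO" <cfo@example-corp.com>',
                "CEO <ceo@examp1e-corp.com>",
                "billing@supplier.test"]:
        print(hdr, "->", classify(hdr))
```

A `lookalike` verdict is a reason to quarantine or banner the message before a payment request reaches Accounts Payable; `lookalike-new` adds the same-day registration signal the article mentions.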

Websense’s researchers have observed an increase in the response rate to the emails over the last few months, often as high as 50% with a 35% likelihood of a user executing a financial transaction. Amounts requested range from $26,000 to $360,000, with the average cost topping $130,000 per incident.

