Typosquatting Awareness
Catch the domain tricks attackers use against you.
What You'll Learn
- Detect common typosquatting techniques including character swaps, additions, and omissions in domain names
- Recognize internationalized domain name (IDN) homograph attacks that use visually identical Unicode characters
- Verify URL destinations before entering credentials by inspecting the full domain in the browser address bar
- Apply safe navigation habits such as bookmarks and direct typing to avoid landing on lookalike domains
- Evaluate shortened URLs and QR code destinations to confirm they resolve to legitimate websites
Training Steps
-
Welcome to Cascadia Insurance Partners
Welcome to Cascadia Insurance Partners! You are Alice, a claims analyst who processes client insurance claims daily. Today you need to access the HR portal to update your direct deposit information for an upcoming payroll change. You've done this many times before - it's a routine task.
-
A Quick Task Before Lunch
It's 11:45 AM and Alice wants to finish this quick task before her lunch break. She opens her browser and quickly types the HR portal URL from memory. In her hurry, she types cascadiansurance.com instead of cascadiainsurance.com - missing the 'i' in 'insurance'.
-
The Fake Portal
The browser loads a page that looks exactly like the company's HR portal. The logo, colors, and layout are all familiar. Alice doesn't notice anything wrong.
-
Something Went Wrong
After entering her credentials, the page displays a generic error: 'Unable to connect to server. Please try again later.' Alice is annoyed but assumes the HR system is having technical issues. She decides to try again later and opens her email to work on other tasks.
-
The Security Alert
Alice receives an urgent email from IT Security.
-
Realizing the Mistake
Alice's heart sinks. She remembers trying to access the HR portal earlier and getting that error message. Could she have entered her credentials on a fake site? She needs to call IT Security to report what happened and find out how her credentials were stolen.
-
Analyzing the Attack
IT Security has confirmed that Alice fell victim to a typosquatting attack. Let's examine the fake site she visited to understand how it happened. Notice the subtle differences that Alice missed in her hurry.
-
The Typosquatted Domain
The most critical red flag was in the domain itself.
-
How Typosquatting Works
Typosquatting is a form of cybersquatting that exploits typing mistakes. Attackers:
1. Register lookalike domains - They identify popular websites and register domains with common typos
   - cascadiansurance.com (missing 'i')
   - cascadiainsurnace.com (letters swapped)
   - cascadiainsurance.net (wrong TLD)
   - cascadiainsurrance.com (extra letter)
2. Clone the legitimate site - They copy the visual design pixel-for-pixel
3. Harvest credentials - Users who mistype the URL unknowingly enter credentials on the fake site
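A defender can check hostnames seen in proxy or DNS logs against the four lookalike patterns listed above. The following is an added example, not part of the original training material; the function names and the small Cyrillic confusables sample are assumptions, and the homograph check goes one step beyond this list to cover the IDN case named in the learning objectives.

```python
LEGIT = "cascadiainsurance.com"  # legitimate domain from the scenario above
# Assumption: a tiny constructed sample of Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans("\u0430\u0441\u0435\u043e\u0456", "aceoi")

def split_domain(domain):
    """Split 'name.tld' into (name, tld); assumes a bare registrable domain."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld

def one_deleted(longer, shorter):
    """True if removing exactly one character from `longer` yields `shorter`."""
    return len(longer) == len(shorter) + 1 and any(
        longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))

def adjacent_swap(a, b):
    """True if `a` and `b` differ only by two neighbouring characters swapped."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def classify(observed, legit=LEGIT):
    """Name the technique that turns `legit` into `observed`, or None if unrelated."""
    o_name, o_tld = split_domain(observed)
    l_name, l_tld = split_domain(legit)
    if (o_name, o_tld) == (l_name, l_tld):
        return "exact match"
    if o_name == l_name:
        return "wrong TLD"
    if o_tld != l_tld:
        return None
    if not o_name.isascii() and o_name.translate(CONFUSABLES) == l_name:
        return "IDN homograph"
    if one_deleted(l_name, o_name):
        return "omission"
    if one_deleted(o_name, l_name):
        return "addition"
    if adjacent_swap(o_name, l_name):
        return "swap"
    return None

if __name__ == "__main__":
    # Constructed sample: hostnames as they might appear in proxy or DNS logs.
    for host in ["cascadiainsurance.com", "cascadiansurance.com",
                 "cascadiainsurnace.com", "cascadiainsurance.net",
                 "cascadiainsurrance.com", "example.org"]:
        print(f"{host:26} {classify(host)}")
```

Any result other than "exact match" or None is a candidate for blocking or for a closer look at who registered the domain.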
-
Accessing the Security Portal
Alice needs to file a formal incident report documenting what happened. She navigates to the Security Portal - this time carefully verifying the URL before entering credentials.