While Halloween has come and gone, impersonation still seems to be a popular trend in certain circles. Cybercriminals, for example, love it and, as we’ve discussed in the past, will go to great lengths to pull off a convincing impersonation attempt. Impersonation is a proven tactic that criminals regularly use to trick victims into believing that they are acting on an important message, when that couldn’t be further from the truth.
Typosquatting is an impersonation technique frequently used to target employees. In this scenario, attackers buy a domain that is very similar to the company’s domain and use it to send spear phishing emails to the company’s employees. For example, attackers targeting Barracuda employees would buy baracuda.com (one ‘r’ is missing) and try to trick employees of the company into sending them sensitive information or wiring money. Some attackers even register the same domain in non-Latin alphabets (e.g., Cyrillic): for example, Baггacuda instead of barracuda (the Cyrillic letter ‘г’ replaces the Latin ‘r’).
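A sender-domain check for the two look-alike patterns described above, as an added example that is not part of the original post. The function name, the edit-distance threshold and the confusables table are assumptions made for illustration; only the ‘г’ for ‘r’ substitution comes from the text.

```python
import unicodedata

PROTECTED = "barracuda.com"  # the domain the post uses as its example

# Constructed sample of Cyrillic look-alikes, not the full Unicode confusables
# data. Only the first entry comes from the post.
FOLD = str.maketrans({"г": "r", "а": "a", "с": "c", "е": "e", "о": "o", "р": "p"})

def scripts(domain):
    """Scripts of the letters in a domain, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in domain if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(sender_domain, protected=PROTECTED, max_edits=2):
    """Label a sender domain: legitimate, homograph, typosquat or unrelated."""
    d = sender_domain.strip().rstrip(".")
    try:
        # Mail headers carry IDN domains as punycode (xn--...); decode to Unicode.
        d = d.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid punycode: inspect as given
    d = d.lower()
    if d == protected:
        return "legitimate"
    # Non-Latin letters that fold back onto the protected name: homograph.
    if scripts(d) - {"LATIN"} and edit_distance(d.translate(FOLD), protected) <= max_edits:
        return "homograph"
    # Pure spelling variation within a few edits: typosquat.
    if edit_distance(d, protected) <= max_edits:
        return "typosquat"
    return "unrelated"

if __name__ == "__main__":
    for dom in ["barracuda.com", "baracuda.com", "Baггacuda.com", "example.org"]:
        print(f"{dom:16} -> {classify(dom)}")
```

In a mail pipeline, a domain classified as `homograph` or `typosquat` is a candidate for quarantine or a warning banner rather than automatic delivery.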