Oct 13, 2022
TypoSwype: An image recognition tool to detect typosquatting attacks
Posted by Saúl Morales Rodriguéz in category: cybercrime/malcode
In recent decades, cyberattacks have become increasingly varied, introducing various strategies to lure users onto malicious websites or prompt them to share sensitive data. As a result, computer scientists are continuously trying to develop more advanced tools to detect and neutralize these attacks.
Typosquatting, one of the most common attacks carried out online, exploits the human tendency to misspell words when typing quickly or to misread words when they have small topographical errors. Typosquatting essentially consists in the creation of malicious websites with URLs that resemble established sites, but with slight typos (e.g., “fqcebook” instead of “facebook” or “yuube” instead of “youtube”). When a user mistakenly visits these websites, they might unwillingly download malware or end up sharing personal information with the attackers.
Most existing techniques for detecting these phishing attacks are based on spell-checking tools. While these tools can work in some instances, they do not generalize well, as their performance typically depends on the vocabulary of words used to train them.