Soundsquatting: Uncovering the Use of Homophones in Domain Squatting

Soundsquatting research View research paper: Soundsquatting: Uncovering the Use of Homophones in Domain Squatting

Cybercrime is a lucrative underground business, so it’s no surprise to hear about cybercriminals diversifying their techniques to carry out their malicious intents. One of these alternative tactics is soundsquatting, another form of website domain squatting, wherein a popular website domain or URL is spoofed by using homophones rather than typographical errors. Homophones are words that sound alike; spelling and meaning differ.

While currently not as popular as typosquatting, soundsquatting can lead to the same serious threats: web traffic theft, affiliate scams, phishing attacks, as well as leading visitors of the targeted domain to malicious websites (which, in turn, can cause malware downloaded and installed onto systems). It can also make a particular subset of users, namely, those who rely on assistive technologies to go about their digital lives (e.g., the visually impaired), vulnerable to these threats. We looked deep into this topic to understand what soundsquatting is and see its potential impact in the online security landscape.

Our foray into the core of soundsquatting sought to shed light on several premises, such as the following:

  • Which web domains and websites would be the most targeted
  • If soundsquatting was already being used by cybercriminals
  • Where do existing soundsquatted domains lead to
  • How susceptible are audio-dependent users to soundsquatting

We attempted to answer these through extensive research and through our own soundsquatting domain generator equipped with rules that cybercriminals would plausibly apply. We also utilized Alexa.com’s list of top 10,000 websites as a list of potential soundsquatting targets. The results are as follows.

  • The highest ranking domain that had homophones (thus a possible prime target) is youtube.com for which our own soundsquatting domain generator yielded soundsquatted domains, such as yewtube.com, ewetube.com, and utube.com.
  • The current domain with the highest number of homophones is wearehairy.com, which has 12 different homophones and results in 32 different soundsquatted domains.
  • The homophones most used in generating soundsquatted domains for the top 10,000 domains are 2, two, to, and too. This is followed by the homophone set 1, one, and won.
  • Cybercriminals are already aware of soundsquatting and are using it for malicious purposes. In our analysis, we’ve detected instances of soundsquatted domains leading to affiliate abuse, traffic theft, survey scams, phishing, and drive-by/socially engineered malware installations.
  • Legitimate domain owners also use soundsquatting in order to lead users to their original websites. Some also promote websites related to the original domain’s content.
  • By testing five popular screen readers, we verified that users who rely on assistive technologies to visit domains are susceptible as these technologies cannot provide users with distinction between legitimate and soundsquatted domains. We also discover pseudo-homophones (i.e., words that are not real dictionary words but are phonetically similar, such as joak for joke) can also be used in this manner.

More details about our results and findings on soundsquatting can be viewed in the full research paper, “Soundsquatting: Uncovering the Use of Homophones in Domain Squatting”.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Опубликовано в Cybercrime & Digital Threats, Research, Malicious Sites