|
When visitors fail to recognize that the site they visit is a fraudulent copy of that of a famous brand, they can expose themselves to cybercrime and other attacks. As part of these attacks, typosquatting is a common technique that hackers use to lure victims. They create websites that very closely resemble that of the brand they are trying to hijack so the victims would not have a clue that it is fake.
As such, one typo can easily land users on a hijacked site that may:
A Closer Look at Leboncoin Marketplace’s Case
Cybercriminals often target brands that have a considerable following. For them, the more page views a brand’s site gets, the better it is to spoof.
Leboncoin is France’s No. 1 marketplace that corporations often use when they need to look for candidates for job openings. It is also popular among vehicle and real estate buyers and sellers. That said, it can be a pretty enticing target for hackers.
Recently, we discovered six domains that may be used to spoof Leboncoin’s domain leboncoin[.]fr using our typosquatting tool. At a glance, they may look like legitimate country versions of the site:
The company can have registered these misspelled variants of its domain as a means to protect against typosquatting. But, it is also possible that cybercriminals registered them to target Leboncoin’s users. The point is, we can’t be sure until we check. Simple Google searches might do the trick. Then again, we don’t want to accidentally visit a malicious website that could have bypassed the search engine’s built-in filters by doing so. To avoid such a drawback, we used WHOIS Lookup, a WHOIS domain name search tool.
We retrieved the domains’ WHOIS records and found that:
Here is an example of the said records:
While the results seem suspicious, we need to be sure. So we ran Leboncoin’s domain, leboncoin[.]fr, on WHOIS API too to retrieve and compare its records with those of the six domains mentioned above:
We found that Leboncoin’s site was registered in 2007, and, as expected, it’s registration isn’t set to expire in just a year. Also, the domain was registered in France, which makes sense since it sports the country-code top-level domain (ccTLD) .fr. Finally, its registrant data is publicly accessible, unlike those of the six domains.
If Leboncoin was responsible for registering the six domains, it is logical to assume they would contain the same or similar details as those in its website’s WHOIS record. As we’ve seen, they don’t. And so, it is highly advisable to stay away from the sites hosted on the six domains we investigated. They may soon figure in phishing and other attacks.
* * *
These days, to avoid falling for phishing scams due to typosquatting, users can rely on domain name search tools such as WHOIS Lookup that can help spot fake domains by comparing them with legitimate ones through their WHOIS records.
Sponsored byIPv4.Global
Sponsored byRadix
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byVerisign
Sponsored byWhoisXML API