Privacy Risks of Cybersquatting Attacks

Abstract

Cybersquatting is a collection of methods commonly used by malicious actors to mislead or trick internet users into accessing fraudulent or malicious content. Much of the current research has concentrated on the specific techniques used by attackers in this domain, such as typosquatting, combosquatting, and sound squatting. Some research has explored the financial and time impacts of cybersquatting; however, an understanding of user privacy impacts is limited. Prior research into privacy implications has primarily relied on passive techniques such as analyzing DNS records, HTML content, and domain registrations. These passive approaches limit the ability to interact with these domains and track the downstream impact of sharing personally identifiable information (PII). This research develops an active open-source intelligence (OSINT) collection system capable of rapidly collecting and analyzing squatting domains through both passive and active techniques, with a particular emphasis on identifying those that solicit user information. Synthetic identities are then registered with these domains, and their associated communications are collected and analyzed to identify privacy-related risks and determine whether shared PII propagates.