
"Combo Hack" -- The Discovery Files

The Discovery Files
The Discovery Files podcast is available through iTunes or you can add the RSS feed to your podcast receiver. You can also access the series via AudioNow® by calling 641-552-8180 on any telephone.


Researchers at Georgia Tech and Stony Brook University are warning of an insidious threat known as "combo-squatting." Used in cyber-attacks, it combines trademarked names with other words to lure users to scam websites.

Credit: NSF/Karson Productions

Audio Transcript:

Checking the "URL."

I'm Bob Karson with the Discovery Files, from the National Science Foundation.

Most of us are familiar with "typo-squatting" on the internet. It's where the bad guys register common misspellings of a legitimate website, hoping you'll misspell it in your browser and fall right into their hands.

Researchers at Georgia Tech and Stony Brook University are warning of another insidious threat: "combo-squatting." No misspelling, but extra words added to a legitimate domain name. For example, attackers may register www.(familiar bank name)-security.com. That one extra word could mean it's no longer your bank, but a malicious site. The extra word is often one that increases urgency, like "security." You're more likely to accept it's real, let down your guard, and fall prey.

In this first large-scale study of combo-squatting, the team looked at 268 of the most popular trademarked domain names in the U.S. and at variations where additional words were added to the legit URL.

They found 2.7 million combo-squatting domains. Many of the bogus domains were once used by legitimate companies, but lapsed and were gobbled up by the squatters.

The researchers suggest these names should be intercepted so they can't be re-used this way. Along with more stringent analysis of those registering domain names, they say workplace training could help, too.

Guess we should all become better "masters of our domains."

"The discovery files" covers projects funded by the government's National Science Foundation. Federally sponsored research -- brought to you, by you! Learn more at nsf.gov or on our podcast.

General Restrictions:
Images and other media in the National Science Foundation Multimedia Gallery are available for use in print and electronic material by NSF employees, members of the media, university staff, teachers and the general public. All media in the gallery are intended for personal, educational and nonprofit/non-commercial use only.

Images credited to the National Science Foundation, a federal agency, are in the public domain. The images were created by employees of the United States Government as part of their official duties or prepared by contractors as "works for hire" for NSF. You may freely use NSF-credited images and, at your discretion, credit NSF with a "Courtesy: National Science Foundation" notation. Additional information about general usage can be found in Conditions.
