Cado Security researchers found that malicious actors are using typosquatting tactics, registering domains that closely mimic legitimate tech companies’ domains to deceive users. This typically involves subtle changes, such as swapping the letter 'I' for a lowercase 'L', making the fraudulent site appear credible at first glance.
In a recent case, a fraudulent domain masquerading as Cado Security was discovered. Though it redirected users to the genuine site, it indicates the potential for a phishing attack in the future, highlighting the importance of vigilance against such threats.
Malicious actors aren’t just stopping at domain registrations; they also create social media accounts to increase the perceived legitimacy of their threats. For example, in this case, an X (formerly Twitter) account was set up with a purchased Gold Checkmark, following users related to Cado and gaining followers.
The research indicates that Cado Security is not alone in this situation, as other tech companies are also facing impersonation. Security leaders are urged to actively monitor domain registrations to protect their organizations from such deceptive practices.
Collection
[
|
...
]