In this paper we present soundsquatting, a previously unreported type of domain squatting which we uncovered during analysis of cybersquatting domains. In soundsquatting, an attacker takes advantage of homophones, i.e., words that sound alike, and registers homophoneincluding variants of popular domain names.We explain why soundsquatting is different from existing domain-squatting attacks, and describe a tool for the automatic generation of soundsquatting domains. Using our tool, we discover that attackers are already aware of the principles of soundsquatting and are monetizing them in various unethical and illegal ways. In addition, we register our own soundsquatting domains and study the population of users who reach our monitors, recording a monthly average of more than 1, 700 non-bot page requests. Lastly, we show how sounddependent users are particularly vulnerable to soundsquatting through the abuse of text-to-speech software.
CITATION STYLE
Nikiforakis, N., Balduzzi, M., Desmet, L., Piessens, F., & Joosen, W. (2014). Soundsquatting: Uncovering the use of homophones in domain squatting. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8783, 291–308. https://doi.org/10.1007/978-3-319-13257-0_17
Mendeley helps you to discover research relevant for your work.