A recent study presented at the 2024 Web Conference has identified a rising cybersecurity risk known as “phantom domains.” These phantom domains result from unregistered or placeholder dot-com links that hackers can hijack, turning them into dangerous attack vectors.
Phantom domains arise in two common forms: domain errors and placeholders. Domain errors often occur when web developers misspell a domain name, leaving users vulnerable to clicking on seemingly legitimate but unregistered links.
For instance, a fictional company, Bob’s Sports Gear, might have a typo in their web link, such as “www.bobsportsgear.com” instead of “www.bobssportsgear.com,” leading to an unregistered phantom domain.
Hackers can buy these domains and create spoofed versions of the real site, tricking users into providing sensitive information.
Placeholder domains are another form of vulnerability. Developers may leave placeholder links in websites for future projects that never materialize, leaving the unregistered domains up for grabs.
If attackers acquire these domains, they can easily set up malicious sites that resemble legitimate ones.
Research suggests that phantom domains are far from rare, with over 572,000 such domains active on the web today.
These links can go unnoticed for long
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: