The Cabinet Division on Friday issued an advisory against typosquatting attacks, it is learnt reliably here.
According to the advisory, cyber actors are using malicious websites with names similar to the names of legitimate government websites.
The fake websites’ names consist of common misspellings or short names of government websites to deceive users to unwittingly type their passwords and other sensitive information or download malware on their systems and devices.
According to the advisory, attackers use web-based redirections to legitimate websites on their malicious web pages. This technique masquerades malicious websites as legitimate government websites.
The advisory also suggests taking preventive measures like configuration to restrict cross-domain redirections from unknown websites. It also suggests the use of open-source tools to enumerate malicious domains aiming at a typosquatting attack. After identification, these websites will be blocked by PTA.
The Cabinet Division has asked all government organizations (both civil and military) to take measures to prevent such attacks against their websites. It also suggests that website owners carry out rigorous awareness campaigns to make their users aware of such attacks.
