Are Banks and Their Customers Once Again at Risk of Typosquatting Woes?
Banks and other financial institutions have always been a top-of-mind attack target.[1] We analyzed an ongoing cybersquatting campaign targeting U.S. Bancorp using four malicious domains and their corresponding IP resolutions that IBM X-Force Exchange identified.[2]
We used the IoCs as a jumping-off point to determine whether other banks are at risk and to build a detailed threat research spreadsheet containing:
- Thousands of new domains registered within a month that may be attempting to impersonate various banks worldwide
- Thousands more mimicking bank domains that were dropped over the same period due to ties to legal issues or possibly malicious activity
- Data from a deep WHOIS and DNS contextualization and domain ownership analysis, which revealed that hundreds of newly registered domains (NRDs) shared creation dates and IP resolutions with the identified IoCs
- Hundreds of NRDs and recently expired domains that were tagged “dangerous” by various malware engines
Download the spreadsheet now to access the complete list of identified artifacts used to conduct additional enrichment and threat analysis.
[1] https://www.statista.com/statistics/266161/websites-most-affected-by-phishing/
[2] https://exchange.xforce.ibmcloud.com/collection/US-Bank-Squatting-Campaign-f795d1dc02096a59ecf8200eb137e4f8