We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:


References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Typosquatting for Fun and Profit: Cross-Country Analysis of Pop-Up Scam

Abstract: Today, many different types of scams can be found on the internet. Online criminals are always finding new creative ways to trick internet users, be it in the form of lottery scams, downloading scam apps for smartphones or fake gambling websites. This paper presents a large-scale study on one particular delivery method of online scam: pop-up scam on typosquatting domains. Typosquatting describes the concept of registering domains which are very similar to existing ones while deliberately containing common typing errors; these domains are then used to trick online users while under the belief of browsing the intended website. Pop-up scam uses JavaScript alert boxes to present a message which attracts the user's attention very effectively, as they are a blocking user interface element.
Our study among typosquatting domains derived from the Majestic Million list utilising an Austrian IP address revealed on 1219 distinct typosquatting URLs a total of 2577 pop-up messages, out of which 1538 were malicious. Approximately a third of those distinct URLs (403) were targeted and displayed pop-up messages to one specific HTTP user agent only. Based on our scans, we present an in-depth analysis as well as a detailed classification of different targeting parameters (user agent and language) which triggered varying kinds of pop-up scams. Furthermore, we expound the differences of current pop-up scam characteristics in comparison with a previous scan performed in late 2018 and examine the use of IDN homograph attacks as well as the application of message localisation using additional scans with IP addresses from the United States and Japan.
Comments: 30 pages, 33 figures. Extended journal version of arXiv:1906.10762
Subjects: Cryptography and Security (cs.CR)
Journal reference: J. Cyber Secur. Mobil. 9 (2), 2020, 265-300
DOI: 10.13052/jcsm2245-1439.924
Cite as: arXiv:2004.01749 [cs.CR]
  (or arXiv:2004.01749v1 [cs.CR] for this version)

Submission history

From: Lukas Daniel Klausner [view email]
[v1] Thu, 2 Apr 2020 09:14:26 GMT (317kb,D)

Link back to: arXiv, form interface, contact.