Large-Scale Analysis of Pop-Up Scam on Typosquatting URLs
This research addresses the problem of online scams for internet users and cybersecurity professionals by providing detailed insights into targeted pop-up attacks on typosquatting domains, though it is incremental as it focuses on analysis rather than novel solutions.
The paper conducted a large-scale study on pop-up scams delivered through typosquatting domains, analyzing 8,255 distinct URLs from the Alexa Top 1 Million list and finding 9,857 pop-up messages, with 8,928 being malicious, and identified that 7,176 URLs targeted specific HTTP user agents.
Today, many different types of scams can be found on the internet. Online criminals are always finding new creative ways to trick internet users, be it in the form of lottery scams, downloading scam apps for smartphones or fake gambling websites. This paper presents a large-scale study on one particular delivery method of online scam: pop-up scam on typosquatting domains. Typosquatting describes the concept of registering domains which are very similar to existing ones while deliberately containing common typing errors; these domains are then used to trick online users while under the belief of browsing the intended website. Pop-up scam uses JavaScript alert boxes to present a message which attracts the user's attention very effectively, as they are a blocking user interface element. Our study among typosquatting domains derived from the Alexa Top 1 Million list revealed on 8255 distinct typosquatting URLs a total of 9857 pop-up messages, out of which 8828 were malicious. The vast majority of those distinct URLs (7176) were targeted and displayed pop-up messages to one specific HTTP user agent only. Based on our scans, we present an in-depth analysis as well as a detailed classification of different targeting parameters (user agent and language) which triggered varying kinds of pop-up scams.