Malicious domains masquerading as Google sites are the latest ploy by payment card-skimming adversaries looking to dupe website visitors.
According to analysts at Sucuri, cybercriminals are using typosquatting (the practice of changing one letter in a trusted site name to use as a malicious URL) to deceive unsuspecting, unobservant victims.
“The malicious user purposely selected the domain name with the intention of deceiving [users],” explained Luke Teal, a security analyst at Sucuri, in a Thursday write-up. “Website visitors may see a reputable name (like ‘Google’) in requests and assume that they’re safe to load, without noticing that the domain is not a perfect match and is actually malicious in nature. This tactic is also common in phishing attacks to trick victims into thinking a phishing page is actually legitimate.”