Subdomain Insertion
Inserts dots to create fake subdomains. Makes it look like the user is on a subdomain of a legitimate site.
How It Works
This technique inserts dots into the domain name to create fake subdomains. For example, "example.com" becomes "ex.ample.com": the attacker registers "ample.com" and serves an "ex" subdomain on it. On mobile devices, browsers often truncate URLs and show only the beginning, so "secure.example.com.evil.com" looks like a legitimate subdomain of example.com even though the domain actually registered is "evil.com".
Real-World Examples
- login.paypal.com.attacker.com — appears to be a PayPal subdomain
- secure.bankofamerica.com.phishing.net — exploits mobile URL truncation
- www.google.com.malicious.site — uses trusted prefix
Prevention Tips
- Educate users to look at the root domain (the part just before the TLD), not the beginning of the URL.
- Implement certificate pinning in your mobile apps to prevent subdomain spoofing.
- Monitor for domains that contain your brand name as a prefix.
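The monitoring tip above can be automated along these lines. This is an added example, not code from the original page: the function names, the tiny suffix set (a stand-in for the full Public Suffix List) and the sample hostnames are assumptions made for illustration.

```python
# Added example: flag hostnames that abuse a protected brand domain.
# ASSUMPTION: MULTI_LABEL_SUFFIXES is a tiny stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def registrable_domain(hostname):
    """Return the registrable ("root") domain of a hostname."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def classify(hostname, brand_domain):
    """Return 'legitimate', 'brand-prefix', 'dot-insertion' or 'unrelated'."""
    host = hostname.lower().rstrip(".")
    brand = brand_domain.lower()
    reg = registrable_domain(host)
    if reg == brand:
        return "legitimate"  # the brand itself or one of its real subdomains
    # Brand used as labels in front of another registrable domain,
    # e.g. secure.example.com.evil.com (root domain is evil.com).
    prefix = host[: len(host) - len(reg)].rstrip(".")
    if f".{brand}." in f".{prefix}.":
        return "brand-prefix"
    # Removing the dots rebuilds the brand, e.g. ex.ample.com -> example.com.
    if host.replace(".", "") == brand.replace(".", ""):
        return "dot-insertion"
    return "unrelated"

def scan(hostnames, brands):
    """Return (hostname, brand, verdict) for every suspicious hostname."""
    findings = []
    for host in hostnames:
        for brand in brands:
            verdict = classify(host, brand)
            if verdict in ("brand-prefix", "dot-insertion"):
                findings.append((host, brand, verdict))
    return findings

# Constructed sample input built from the hostnames used on this page.
OBSERVED = ["www.example.com", "ex.ample.com", "secure.example.com.evil.com",
            "login.paypal.com.attacker.com", "news.example.org"]

if __name__ == "__main__":
    for finding in scan(OBSERVED, ["example.com", "paypal.com"]):
        print(finding)
```

In practice the hostname list would come from a feed you already collect, such as proxy or DNS logs, and the suffix set would be replaced by the full Public Suffix List.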