
How to prevent credential stealing of customers via phishing and domain squatting

Çağlar Arlı

Threat actors are creating lookalike domains (e.g. Telecom.com to te1ecom.com) and using those to phish users for credentials (not employees). They’re getting the MFA tokens, too.

What could be done so that the client-side code couldn’t be copied to create a replica or any other watermarking technique to let the user know that the site is genuine, without relying on client-side code?

We’ve tried buying all the lookalike domains so that no one can register them, but it doesn’t seem to be working effectively.
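
As a monitoring complement to buying lookalike domains, the following added example (not code from the original post) classifies hostnames from a feed of newly observed domains against the protected name, using the post's `te1ecom.com` case. The substitution map, verdict names and sample feed are constructed assumptions.

```python
# Constructed, non-exhaustive map of visually confusable substitutions.
CONFUSABLES = {"1": "l", "0": "o", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold confusables so 'te1ecom' and 'telecom' compare equal."""
    label = label.lower()
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected="telecom.com"):
    """Return a verdict for one observed hostname against the protected domain."""
    cand, prot = candidate.lower().rstrip("."), protected.lower()
    if cand == prot or cand.endswith("." + prot):
        return "legitimate"
    if "." not in cand:
        return "unrelated"
    # Naive registrable-label split; production code should use the Public Suffix List.
    cand_label, prot_label = cand.split(".")[-2], prot.split(".")[-2]
    if cand_label == prot_label:
        return "tld-swap"
    folded, target = skeleton(cand_label), skeleton(prot_label)
    if folded == target:
        return "homoglyph"
    if edit_distance(folded, target) <= 1:
        return "typo"
    if target in folded:
        return "combo"
    return "unrelated"

def scan(feed, protected="telecom.com"):
    """Keep only hostnames that need analyst review."""
    verdicts = ((host, classify(host, protected)) for host in feed)
    return [(h, v) for h, v in verdicts if v not in ("legitimate", "unrelated")]

# Constructed sample feed, e.g. one day of newly observed hostnames.
SAMPLE_FEED = ["telecom.com", "te1ecom.com", "telecomm.com", "te1ecom-login.com",
               "telecom.net", "login.telecom.com", "example.org"]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_FEED):
        print(f"{verdict:10} {host}")
```

The check inspects only the label directly left of the TLD, so a hostname that places the brand in a subdomain of an unrelated domain is not flagged by this version.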