In this paper we present soundsquatting, a previously unre-ported type of domain squatting which we uncovered during analysis of cybersquatting domains. In soundsquatting, an attacker takes advantage of homophones, i.e., words that sound alike, and registers homophone-including variants of popular domain names. We explain why soundsquatting is different from existing domain-squatting attacks, and describe a tool for the automatic generation of soundsquatting domains. Using our tool, we discover that attackers are already aware of the principles of soundsquatting and are monetizing them in various unethical and illegal ways. In addition, we register our own soundsquatting domains and study the population of users who reach our monitors, recording a monthly average of more than 1,700 non-bot page requests. Lastly, we show how sound-dependent users are particularly vulnerable to soundsquatting through the abuse of text-to-speech software.
展开▼