Skip to content

Add Guidance About Typosquatting or lookalike domain phishing in relevant CheatSheet #2272

Description

@sujalavnelavai

I have reviewed many Cheat Sheets whether this topic is present elsewhere in Phishing Cheat Sheet and other cheat sheets related to this like Authentication cheat sheet, MFA cheat sheet, credential stuffing, user privacy protection, TLS cheat sheet and some cheat sheets but I did not find any guidance about this topic.

I would like to propose adding a concised section about Typosquatting or look-alike domains which can lead to credential theft, session compromise, or supply chain compromise, and then refer readers to authoritative external guidance.

References include:

CISA guidance on software supply chain security and typosquatting.
Other authoritative industry guidance where appropriate.

The goal is to improve awareness while keeping the Cheat Sheet focused and avoiding duplication of existing content.

It seems Phishing cheat sheet would be a better fit to add but I would appreciate feedback from the maintainers on whether this would be an appropriate enhancement, and if so, which cheat sheet(s) would be the most suitable location before I prepare a pull request.

                           Thank you.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions