I have reviewed many Cheat Sheets whether this topic is present elsewhere in Phishing Cheat Sheet and other cheat sheets related to this like Authentication cheat sheet, MFA cheat sheet, credential stuffing, user privacy protection, TLS cheat sheet and some cheat sheets but I did not find any guidance about this topic.
I would like to propose adding a concised section about Typosquatting or look-alike domains which can lead to credential theft, session compromise, or supply chain compromise, and then refer readers to authoritative external guidance.
References include:
CISA guidance on software supply chain security and typosquatting.
Other authoritative industry guidance where appropriate.
The goal is to improve awareness while keeping the Cheat Sheet focused and avoiding duplication of existing content.
It seems Phishing cheat sheet would be a better fit to add but I would appreciate feedback from the maintainers on whether this would be an appropriate enhancement, and if so, which cheat sheet(s) would be the most suitable location before I prepare a pull request.
I have reviewed many Cheat Sheets whether this topic is present elsewhere in Phishing Cheat Sheet and other cheat sheets related to this like Authentication cheat sheet, MFA cheat sheet, credential stuffing, user privacy protection, TLS cheat sheet and some cheat sheets but I did not find any guidance about this topic.
I would like to propose adding a concised section about Typosquatting or look-alike domains which can lead to credential theft, session compromise, or supply chain compromise, and then refer readers to authoritative external guidance.
References include:
CISA guidance on software supply chain security and typosquatting.
Other authoritative industry guidance where appropriate.
The goal is to improve awareness while keeping the Cheat Sheet focused and avoiding duplication of existing content.
It seems Phishing cheat sheet would be a better fit to add but I would appreciate feedback from the maintainers on whether this would be an appropriate enhancement, and if so, which cheat sheet(s) would be the most suitable location before I prepare a pull request.