Playbook for Typo Squatted Domain
This playbook provides systematic procedures for investigating misspelled domains and collaborating with the organization’s legal department on take-downs. Typo Squatted domains are intentionally misspelled domain names that closely resemble legitimate ones. Attackers take advantage of users’ spelling errors to lead them to a malicious website for financial exploitation or other malicious activities.
Typo Squatted Domains are reported to the Security Operations Team from different sources, such as digital risk protection solutions (Digital Shadows) and threat intelligence platforms (Anomali ThreatStream). After a security incident is created, this solution helps identify whether the domain is indeed a Typo Squatted Domain. If it is, the analyst can report it to the legal team so that further actions can be taken.
The workflow is created based on an existing playbook, which provides a consistent and efficient approach for incident investigation. Each decision point in the playbook has been converted into an outcome-driven task and the flow changes direction based on the outcome of such tasks.
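
The page does not say how the solution decides whether a reported domain is a Typo Squatted Domain. As an added example (not the product's own logic), the sketch below shows one way an analyst could pre-screen a reported domain against the organization's legitimate domains using edit distance, returning an outcome that a decision task could branch on. The `PROTECTED` list, the function names, the verdict labels and the threshold of 2 edits are assumptions.

```python
# Added example: analyst-side triage helper, not part of the playbook product.
# PROTECTED is a constructed list of the organization's legitimate domains.
PROTECTED = ["example.com", "example-bank.com"]

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and swap of two adjacent characters each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" for "example"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def normalize(domain: str) -> str:
    """Lowercase, drop a trailing dot and a leading 'www.' label."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def triage(reported: str, protected=PROTECTED, max_distance: int = 2):
    """Return (verdict, closest_protected_domain, distance).
    verdict is 'legitimate' (exact match), 'likely_typosquat'
    (1..max_distance edits from a protected domain) or 'no_match'."""
    r = normalize(reported)
    best, best_dist = None, None
    for p in protected:
        dist = osa_distance(r, normalize(p))
        if best_dist is None or dist < best_dist:
            best, best_dist = p, dist
    if best_dist == 0:
        return ("legitimate", best, 0)
    if best_dist is not None and best_dist <= max_distance:
        return ("likely_typosquat", best, best_dist)
    return ("no_match", best, best_dist)
```

A `likely_typosquat` verdict is only a pre-screen: the analyst still confirms the finding before reporting the domain to the legal team.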