Typo Squatting

While a lot of the mainstream press is calling this the latest attack vector, it's actually not new. Phishing attacks have long used the typo squatting method, basically relying on close, but misspelled domain names to capture personal information. The latest attack is being reported as new only because of they way the attack is implemented. Rather than imitating the domain's login page to capture login information from an unsuspecting user, the latest attack uses a pop up survey to collect personal identifying information, perhaps with the reasoning that an end-user will be less security conscious with a survey than they would with a fake login page.

As always, the best protection for threats like these is a good secure web gateway or web proxy, with the latest in malware and phishing protection. And because users aren't always on the organization's network, a good mobile or cloud solution should be available from your secure web gateway vendor as well.