Imagine you’re in a hurry at work to find some financial information. You quickly type the URL of your company’s bank into your browser. In your rush, you accidentally misspell one letter in the address. Instead of landing on the legitimate site, you end up on a slightly different website that looks eerily like the one you meant to visit. If you’re not careful, you’ll become the victim of typosquatting.
In this article, we’ll discuss how typosquatting works and share tips on how to avoid it.
What is Typosquatting?
Typosquatting (also known as URL hijacking or a sting site) is a form of cyberattack that takes advantage of misspellings or typographical errors made when entering a website address into a web browser.
The scammers who set up this ploy, known as typosquatters, may register these domains with the intent of receiving traffic from people who accidentally visit them. Or they might phish personal information from users who believe they are visiting a legitimate site.
While there are measures you can take to protect yourself from becoming a victim, it’s ultimately up to the individual web user to be vigilant and proactive.
Example
If someone misspells the name of a well-known website – such as “googlle” instead of “google” – the typosquatter may own the domain name www.googlle.com.
How Does Typosquatting Work?
Typosquatting is a technique used to gain traffic or revenue by taking advantage of typographical errors made by Internet users. The scammer will create a website that is nearly identical to another, high-traffic site, but with a small typo in the web address. When an unsuspecting user navigates to the incorrect website, they are typically redirected to the legitimate site.
In some cases, however, the typosquatter will set up pop-ups or ads on the bogus site that lead users to affiliate programs or other moneymaking ventures. Because typosquatters often register misspelled domain names very close to popular addresses, it can be difficult for people to distinguish between the two.
Typosquatting Examples
1. Typos
These occur when a user mistypes a URL by adding, omitting, or rearranging letters in the domain name, such as typing “faacebook.com” instead of “facebook.com.”
2. Misspelling
This involves registering a domain that is a common misspelling of a popular site, such as “gmial.com” for “gmail.com.” This preys on common typing errors that users might make.
3. Wrong Domain Extensions
As more top-level domain (TLD) names are added, the likelihood of typosquatting sites grows as well. This type of typosquatting takes advantage of confusion over the numerous domain extensions available. Registering “google.co” instead of “google.com” or using “.com” when the legitimate site uses “.org” are examples where the typosquatter bets on users forgetting the correct extension.
4. Abuse of Country Code Top-Level Domain (ccTLD)
This involves registering a domain that looks like a well-known site but uses a different country code, like “twitter.cm” instead of “twitter.com.” This exploits errors where a user might accidentally omit or mistype parts of a domain extension.
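The four categories above can be turned into a check that a defender runs over typed URLs or DNS/proxy logs. The following is an added example, not code from the original article: the allowlist, function names and sample domains are constructed, it assumes a single-label extension (so "co.uk"-style suffixes are not handled), and it goes slightly beyond the text by also flagging a single replaced letter.

```python
# Added example: label an observed domain against an allowlist of protected sites.
PROTECTED = ["google.com", "facebook.com", "gmail.com", "twitter.com"]  # constructed

def split_domain(domain):
    """'www.Example.com.' -> ('example', 'com'). Assumes a single-label extension."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) > 1 and labels[0] == "www":
        labels = labels[1:]
    return ".".join(labels[:-1]), labels[-1]

def edit_kind(typed, real):
    """Name the one-step typo that turns `real` into `typed`, or return None."""
    lt, lr = len(typed), len(real)
    if typed == real:
        return None
    if lt == lr:
        diff = [i for i in range(lt) if typed[i] != real[i]]
        if len(diff) == 1:
            return "replaced letter"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and typed[diff[0]] == real[diff[1]]
                and typed[diff[1]] == real[diff[0]]):
            return "rearranged letters"
    elif lt == lr + 1 and any(typed[:i] + typed[i + 1:] == real for i in range(lt)):
        return "added letter"
    elif lt + 1 == lr and any(real[:i] + real[i + 1:] == typed for i in range(lr)):
        return "omitted letter"
    return None

def classify(observed, protected=PROTECTED):
    """Return (verdict, protected_domain_it_resembles_or_None)."""
    name, tld = split_domain(observed)
    targets = [(legit, *split_domain(legit)) for legit in protected]
    for legit, lname, ltld in targets:
        if (name, tld) == (lname, ltld):
            return "legitimate", legit
    for legit, lname, ltld in targets:
        if name == lname:                      # right name, different extension
            return "wrong extension", legit
        kind = edit_kind(name, lname)
        if kind and tld == ltld:               # near-miss name, same extension
            return kind, legit
    return "unknown", None

def flag_lookalikes(observed_domains):
    """Keep only the domains that resemble a protected site, with the reason."""
    results = [(d, *classify(d)) for d in observed_domains]
    return [r for r in results if r[1] not in ("legitimate", "unknown")]
```

Calling `flag_lookalikes` on a list of hostnames pulled from resolver or proxy logs returns only the near-misses, each with the category and the protected site it resembles.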
What Are the Dangers of Typosquatting?
Making typographical errors when typing in a URL is common. This can lead to people accidentally visiting a fake site. Once they’re there, the cybercriminal can try to install malware or ransomware, or steal credit card numbers.
They may also phish for personal information, such as social security numbers or passwords. Typosquatting is just one of the many dangers that people face online. By being aware of the risks, you can help protect yourself from becoming a victim of cybercrime.
How to Protect Your Business from Reputational Damage
Unfortunately, there’s no easy way to protect against this kind of threat. However, you can help prevent cybersquatting attacks from happening to you by following these steps:
- Enable 2FA for better protection of your accounts.
- Use a legitimate search engine to find the websites you need.
- Never click on links from emails.
- Pay attention to how domains are spelled in URLs and email addresses before hitting “enter”.
- Check that the site is served on HTTPS.
- Bookmark sites you often visit to avoid typing out URLs.
- Install suitable browser plugins that warn about potential typosquatting domains when a URL is mistyped.
If you’re worried about typosquatting attacks on your organization’s website, it can be helpful to:
- Trademark your website domain.
- Register common/different variations and typo errors of that domain.
- Monitor your website traffic.
- Implement two-factor authentication (2FA) for the safety of your customers.
- Always use SSL certificates so that customers can verify site ownership.
- Educate your users so that they’re aware of common attacks.
Apart from cybersquatting and typosquatting attacks, there are many other security attacks that might affect you and your organization. It seems like hackers find new vulnerabilities to exploit people on the internet every day, which is why it’s up to us as users of technology to make sure our devices don’t have any holes in them!
Need Cybersecurity Assistance?
Our IT experts can help you protect your organization against phishing attacks related to typosquatting and other cyberattacks. Teal offers responsive and secure managed cybersecurity services to SMBs nationally. Other services include:
If you’re interested in learning about our premier IT strategies, contact a Teal business technology advisor today.