Users may be tricked into entering sensitive details into these fake sites, and for the organizations being impersonated, the sites can do significant reputational damage.
Typosquatting is a type of social engineering attack that targets users who mistype a URL into their web browser instead of reaching the site through a search engine or a bookmark. Typically, it involves luring users to malicious websites whose domain names are common misspellings of legitimate ones.
In this blog post we will explain in more detail how typosquatting works and the forms it takes, the difference between cybersquatting and typosquatting, and some ways to protect yourself and your business from these attacks.
How Does Typosquatting Work?
Also known as URL hijacking, typosquatting is a malicious attack that targets users who mistype a website address in their web browser (ex: “Gooogle.com” instead of “Google.com”). Users can also be steered to a typosquatted domain by a link in a phishing message, where the misspelling is easy to miss.
These attacks start with the attacker registering a domain name that is a misspelling of a popular website. For example, instead of example.com, the attacker might register “examplle.com” or “exmple.com”.
Sometimes these sites exist to sell products and services that compete directly with those sold on the website you intended to visit, but more often they are built to steal personally identifiable information (PII) such as credit card numbers or passwords.
When staff members make this kind of mistake, they can land on a look-alike site owned by the attacker and designed for malicious purposes. Cybercriminals emulate the look and feel of the site they are mimicking, hoping that unsuspecting employees will sign in and hand over their credentials.
For the most part, typosquatting relies on human error: typos such as dropped, doubled, transposed or adjacent-key characters, spelling errors, alternative spellings, hyphenated domains (ex: shopping-online.com), and different domain endings (ex: .com, .uk, .cn).
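To make those error classes concrete, here is an added example (not code from the original post) that enumerates the look-alike domains an attacker could register for a brand, grouped by the typing error that produces each one. The domain `example.com`, the QWERTY neighbour map, the homoglyph table and the TLD list are assumptions for illustration; production tooling such as dnstwist covers many more permutation classes, but the idea is the same.

```python
"""Enumerate candidate typo domains for a brand, grouped by error class.

Added example, not code from the original post. The keyboard map, the
homoglyph table, the TLD list and the domain `example.com` are illustrative
assumptions.
"""

# Lowercase QWERTY neighbours, used for "fat finger" substitutions (assumed map).
ADJACENT = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn",
    "n": "bhjm", "m": "njk",
}

# Characters or pairs that look alike in common fonts (small assumed subset).
HOMOGLYPHS = {"m": ["rn"], "w": ["vv"], "l": ["1", "i"], "o": ["0"], "i": ["l"]}

# Alternative endings to try for the "wrong TLD" class (assumed list).
TLDS = ["com", "co", "net", "org", "uk", "cn"]


def typo_variants(domain: str, tlds=TLDS) -> dict[str, set[str]]:
    """Return look-alike domains for `domain`, keyed by the error that produces them.

    Only second-level domains such as `example.com` are handled; the original
    domain itself is never returned.
    """
    label, _, tld = domain.lower().partition(".")
    labels: dict[str, set[str]] = {
        k: set() for k in ("omission", "repetition", "transposition",
                           "adjacent", "homoglyph", "hyphenation")
    }
    for i, ch in enumerate(label):
        labels["omission"].add(label[:i] + label[i + 1:])        # exmple
        labels["repetition"].add(label[:i] + ch + label[i:])     # examplle
        for neighbour in ADJACENT.get(ch, ""):                   # wxample
            labels["adjacent"].add(label[:i] + neighbour + label[i + 1:])
        for look in HOMOGLYPHS.get(ch, []):                      # exarnple
            labels["homoglyph"].add(label[:i] + look + label[i + 1:])
        if i + 1 < len(label) and ch != label[i + 1]:            # xeample
            labels["transposition"].add(label[:i] + label[i + 1] + ch + label[i + 2:])
        if i > 0:                                                # ex-ample
            labels["hyphenation"].add(label[:i] + "-" + label[i:])

    result = {
        kind: {f"{cand}.{tld}" for cand in cands if cand and cand != label}
        for kind, cands in labels.items()
    }
    result["tld"] = {f"{label}.{alt}" for alt in tlds if alt != tld}    # example.co
    return result


def all_variants(domain: str) -> set[str]:
    """Flatten the grouped variants into one set, e.g. to diff against a WHOIS or DNS feed."""
    return set().union(*typo_variants(domain).values())


if __name__ == "__main__":
    for kind, cands in typo_variants("example.com").items():
        print(f"{kind:14s} {len(cands):3d}  e.g. {sorted(cands)[:3]}")
    print("total:", len(all_variants("example.com")))
```

The same enumeration serves both sides: an attacker picks the variants that look most convincing, while a defender registers the obvious ones and periodically resolves the rest to see which have been taken by someone else.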
What Are Some Different Typosquatting Attempts?
Most typosquatting attacks come in the form of imitators: a scam website at a slightly different spelling that passes itself off as the real thing. However, attackers use several other variations.
Attackers frequently dangle offers of money or giveaways to lure users onto their site. They may monetize the traffic by hosting ads or pop-ups that generate revenue from visitors. Cybercriminals also set up fake survey sites that appear to gather customer feedback; the real purpose is to collect enough personal data to carry out identity theft.
Some typosquatting sites redirect traffic back to the brand through affiliate links, abusing the brand’s legitimate affiliate program to earn a commission on every purchase. Others are parody sites whose only purpose is to make fun of the site the visitor was trying to reach; the motivation there is usually a former employee seeking revenge or a customer who feels mistreated.
There is also the bait-and-switch method. In this case, the fake website tries to sell a staff member something they have bought before from the real site. Because the charge looks like a legitimate purchase, it can be difficult to dispute on a bank statement. The employee never receives the item needed for production and is still on the hook to pay for it.
Cybersquatting vs Typosquatting
A similar practice is cybersquatting, also known as domain squatting. With cybersquatting, a scammer registers domain names that resemble other websites and brands, much as typosquatters do. Typically, the motivation is not to build a website at the address but to sell the domain to the owner of the real website or brand for maximum profit. Companies want to protect their customers and brands, and many feel obligated to buy these domains back from cybersquatters.
Cybersquatters want to make easy money. Typosquatters go further: they operate the look-alike site to harvest credentials, deliver malware, or otherwise expose the victim to identity theft and security breaches.
How to Protect Yourself Against Typosquatters
It is important that your team knows to avoid clicking links in unexpected emails, text messages, chat messages, or on unknown websites. Hover over links and read the URL carefully before clicking. Make sure you and your staff look for missing or extra letters, added words, misspellings, hyphens, and the domain ending (“google.co” instead of “google.com”).
When navigating websites, it helps to bookmark the sites you use every day and reach them from the bookmark rather than retyping the address. A password manager adds a second safeguard: it only offers saved credentials on the exact domain they were saved for, so it stays silent on a look-alike. If you are unsure about a website, search for it instead; the legitimate site will normally appear at the top of the results, whereas a typosquatted domain usually will not.
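The manual checks above (missing or extra letters, a hyphen, a different ending) can be automated for links arriving in mail or chat. The following is an added example, not code from the original post, that classifies a link's hostname against a small allowlist of domains your organization actually uses. The allowlist, the sample URLs and the edit-distance thresholds are assumptions for illustration, and the code deliberately splits on the last two labels instead of consulting the public suffix list, so country-code domains such as example.co.uk would need extra handling.

```python
"""Flag URLs whose hostname looks like a typo of a domain we trust.

Added example, not code from the original post. ALLOWLIST, the sample URLs
and the distance thresholds are illustrative assumptions.
"""
from typing import Optional
from urllib.parse import urlsplit

# Domains the organization actually uses (assumed). Second-level only: this
# example splits on the last two labels and does not consult the public suffix
# list, so entries like example.co.uk are out of scope.
ALLOWLIST = {"google.com", "example.com"}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insertion, deletion, substitution
    or swap of two adjacent characters each cost 1, so 'googel' is one step
    from 'google'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(url: str, allowlist=ALLOWLIST) -> tuple[str, Optional[str]]:
    """Return (verdict, matched allowlist entry) for the hostname in `url`."""
    url = url.strip()
    if "://" not in url:                       # bare hostname, as typed in a browser
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")   # urlsplit lowercases it
    labels = host.split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    if len(labels) < 2:
        return "unknown", None
    label, tld = labels[-2], labels[-1]
    brands = {entry.partition(".")[0]: entry for entry in allowlist}

    for brand, entry in brands.items():        # exact match on name and ending
        if label == brand and tld == entry.partition(".")[2]:
            return "ok", entry
    if any(part.startswith("xn--") for part in labels):   # IDN: homoglyphs hide here
        return "internationalized-label", None

    checks = [
        ("tld-swap", lambda b: label == b),                    # google.co
        ("brand-as-subdomain", lambda b: b in labels[:-2]),    # google.com.evil.net
        ("hyphenated", lambda b: b in label.split("-")),       # google-login.com
        ("typo", lambda b: edit_distance(label, b) <= (1 if len(b) < 8 else 2)),
    ]
    for verdict, matches in checks:
        for brand, entry in brands.items():
            if matches(brand):
                return verdict, entry
    return "unknown", None


# Constructed sample links, the kind a user might hover over in an e-mail.
SAMPLE_URLS = [
    "https://www.google.com/search?q=typosquatting",
    "https://google.co/login",
    "http://gooogle.com",
    "googel.com",
    "https://google-login.com/verify",
    "https://google.com.login-verify.net/",
    "https://xn--ggle-0nda.com/",
    "https://duckduckgo.com/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        verdict, entry = classify(u)
        print(f"{verdict:22s} {u}  (closest: {entry})")
```

Anything other than "ok" or "unknown" is a candidate for blocking or for a warning banner; "unknown" simply means the hostname is not close to any domain on the allowlist, not that it is safe.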
Your IT team should have solid endpoint protection in place to monitor for and block any malware delivered through typosquatting attempts.
A good antivirus client should offer on-demand and scheduled scans and frequent signature updates, have a usable interface, and be light enough on resources that it does not slow down the computer’s other important programs.
As a business owner, make it a priority to register the important and obvious typo domains and redirect them to your website. If possible, also register other country extensions, alternate spellings, and variants with and without hyphens. All of these can be pointed at the real website with HTTP redirects. Registering every permutation is not practical, so also monitor newly registered domains for variants of your brand that you do not own.
Typosquatting attempts are designed to fool the unsuspecting eye. The internet has become so convenient that many people click links and visit websites without thinking, and that is a goldmine for attackers. Most of these attacks can be blunted by practicing basic internet safety.
You and your IT team can develop a strategy to educate your staff on common internet scams and phishing attempts. Each department should know what to look for in its own line of work.
If you or a member of your team does fall victim to a typosquatting attack, solid endpoint protection can remove much of the malware that gets installed on the machine. It cannot undo a credential entered into the fake site, so any password typed there should be changed immediately and the account checked for unauthorized access.
Many of these attacks depend on the victim acting first: a domain nobody mistypes and a link nobody clicks does the attacker no good.