10 January, 2017
Typosquatting, also referred as URL hijacking, is a type of cybersquatting attack in which the hacker takes advantage of commonly misspelled alphabets in a website’s URL. When a user makes a typographical mistake, such as entering ‘g’ instead of ‘h’ due to the proximity of both keys on the keyboard, he may get redirected to a spam website controlled by the hacker.
Cybercriminals often create bogus websites that have similar design and layout as the target website. This is done to ensure that the visitors do not realize that they have landed on another website. At times, typosquatting attempts may be intended to promote a competitors’ product or service but, in most cases, they are initiated to serve a malicious purpose.
Typosquatting attacks may be aimed at:
- Deceiving unsuspecting victims to reveal their personal identifiable information, such as username, password, social security number, bank account and credit card details. This may be done by compelling users to click on a pop-up advertizement that offers some sort of discount or giveaway.
- Tricking users into downloading spyware, malware or other malicious program on the computer system. Once you install the application, it may breach your network security, steal important data or record the keystrokes.
- Redirecting web traffic to a dating portal or competitor’s website.
- Freezing the user’s web browser for fake tech support scams to extract money in exchange of fixing the problem.
- Earning revenue by making users click on advertizements posted on the typosquat website.
How To Protect Against Typosquatting?
- Be very careful while typing a website’s URL in the browser’s address bar. If you are not sure about the spelling of the website, cross check it on Google or any other search engine to avoid inadvertently landing on a fake website.
- Do not open links sent in emails, particularly from unknown senders.
- Bookmark the most frequently visited websites so you can easily visit them whenever required.
- Get a comprehensive security software to protect against phishing attempts, spyware and malware attacks.
- Do not register with the same password on all websites. This way, if you accidently reveal your credentials on one website, it won’t affect the security of other online accounts.
- Business owners can consider purchasing multiple domain names similar to their primary URL to avoid being a victim of typosquatting.
For more details about the security risks of typosquatting and how to guard against them, feel free to contact Centex Technologies at (855) 375 – 9654.