Cyber attackers are constantly developing and employing new or lesser-known tactics, designed to trick unsuspecting digital users into revealing private information or credentials. One such instance is typosquatting, which tries to lead individuals onto malicious sites – with URLs that are misspelt versions of legitimate ones.
Harmful websites like the ones used in typosquatting attacks can cause significant damage to businesses and other organisations, as the attackers often gain access to victims’ sensitive details, such as logins or payment methods. All members of staff within an organisation need to be aware of the risks of typosquatting and how to protect themselves against it. Read on for MailCleaner’s comprehensive guide to this particular kind of cyber attack.
What is Typosquatting?
Typosquatting, also known as URL hijacking or domain squatting, is a type of malicious cyberattack, where the perpetrator aims to deceive users by creating a URL very similar to that of a legitimate website. For instance, they will lead users to ‘www.gooogle.com’ rather than the genuine Google site, ‘www.google.com’.
The difference in the URL will often be so subtle that a user won’t even realise they’re not on the legitimate site until it’s too late. Sometimes, they may even simply change a punctuation mark or use a capital ‘I’ instead of a lowercase ‘l’ – which, as you can see, is a barely noticeable difference.
This is not a new kind of cyberattack but its prevalence has increased in the years since the COVID-19 pandemic, presumably to target people who now work remotely some or all of the time. It is also a lesser-known threat than things like viruses or phishing attacks, meaning it’s likely that more people fall victim to it.
What Do Typosquatters Aim to Achieve?
Typosquatters will often buy the illegitimate domain in order to display advertisements or redirect users to malicious websites. These sites will often masquerade as trustworthy ones such as online banking providers or reputable e-commerce sites. This leads users to feel comfortable revealing sensitive information – for example, login details or payment information.
While it is not the same as phishing, this tactic is used within phishing scams. Some typosquatters are motivated by financial gain but others will “play the long game” by capturing email addresses, which they might then sell on or target in spam attacks.
How Does Typosquatting Work?
Based around the manipulation of other web users, iIf a user makes a mistake while typing a domain name and fails to notice it, they may accidentally end up on an alternative website set up by the cybercriminals – a typosquatting trap.
One of the most famous instances of this criminal act occurred in 2006, when Google was the victim of typosquatting by the site ‘Goggle.com’. Prompting a number of similar copycat attempts, foogle.com, hoogle.com, boogle.com, yoogle.com, toogle.com, and roogle.com were set up in response, due to their close physical proximity to the correct letter ‘g’. This can be a major cybersecurity risk, especially if your business gets a large volume of traffic. Interested in learning more about the specific forms of typosquatting? Details of the 8 main offenders can be found below:
Typos
Surprisingly common and just as easy to fall for, mistyped web addresses of well-known brands can appear legitimate at first glance, with web addresses such as “faacebook.com” just one example. Those who type quickly and carelessly, or rely too much on autocorrect are especially prone to these domain scams.
Misspelling
MIsspelled domains aren’t a rarity, especially if the domain name is an invented word with dubious spelling, such as “gooogle.com”. Internet users may hear or read the wrong name, consequently making an error in writing down the term they have just heard or seen. Whether imitating Facebook, PayPal or eBay, there are plenty of popular sites for perpetrators to target.
Wrong domain extensions
Common domain extension errors include typing “.com” instead of “.org” or “.co.uk”, and all it takes is a lapse in concentration to accidentally mistake this section of the address. There are a lot of different domain endings for various countries, not to mention kinds of organisations such as .web or .club – providing further opportunities for typosquatting.
Alternative spellings
Users may be misled by the abstract spelling of services. The largest number of Typosquatting domain names are in fact registered with alternative spellings. Be that with extra letters, plurals or hyphenated phrases. One example of this could be “TikTok.com” wrongfully being spelt as “TickTock.com”.
Hyphenated domains/combosquatting
The use of a hyphen in a domain name may cause some confusion, and typosquatters exploit this by registering domain names with a hyphen added. Popular brands that could realistically be hyphenated are often targeted, for example, e-bay.co.uk instead of eBay.co.uk.
Supplementing popular brand domains
If well-known brands are supplemented with appropriate words, they may produce a legitimate-sounding typosquatted domain name, such as “Microsoft.com” being altered to “MicrosoftShop.com”. When the sites of well-known companies are altered with appropriate words, they may appear genuine.
The Dangers of Typosquatting
Sophisticated typosquatting is often used to trick users into visiting fake or malicious sites posing as popular online services. This can result in:
Unauthorised access to accounts
An unsuspecting amateur internet user may be tricked into thinking they are typing in the correct domain name, before entering their regular login details unaware of any danger. Scheming typosquatters can use these credentials to access users’ accounts, which means they could access everything from social media to bank accounts.
Malware and adware
Online attackers could host dangerous content within typo domains, containing malware or adware. Typosquatters can use this to take advantage of users who type in the address looking for an online banking website, or any other site that requires sensitive login credentials, such as medical practice sites.
Spamming
Typosquatters can use typo domains as part of Spamming attacks where they might send out emails pretending to be from well-known brands, and these phishing emails can often trick users into believing they are from a reputable source. It is advisable to always double check details when receiving an unexpected email from a seemingly legitimate source.
Typosquatting Protection Checklist
While this sounds like a very concerning threat, there are steps you can take to protect yourself and your organisation against typosquatting attacks. Here’s a helpful checklist to help you ensure your information remains safe and secure:
- Use antivirus software to protect against malware and adware threats.
- Always check the URL before divulging sensitive information such as logins, payment methods, or contact details. If something doesn’t look right, close the tab or even your browser and open up a new browser window.
- Take extra care to check domain names when using a voice assistant to interact with your device.
- Look out for your browser’s “Did You Mean?” feature. This can help to direct you to the legitimate version of a website, rather than the malicious one that attackers want you to visit.
- Use a password manager to securely store and remember complex login details. When you save a password, the password manager will also save the associated URL, meaning it’ll be much more obvious when you aren’t on the same site as you previously visited.
- Make sure you always use strong passwords with letters, numbers, and special characters. Don’t use any common words or phrases, or anything personal to you that can be easily guessed.
- If you think you’ve fallen victim to typosquatting, change your password immediately and flag it with your organisation’s IT department (or, if you don’t have an IT department, tell the person closest to it – e.g. an Office Manager).
- Look for SSL certificates and check the “Hostname” whenever you’re likely to be revealing private or sensitive information. This will help you to ensure that you’re on the correct, legitimate version of the website.
- Use anti-spam software to filter out malicious emails that could result in falling victim to a typosquatting attack.
MailCleaner: Safeguarding Your Workforce
With More than 26 years of experience in protecting large workforces, organisational staff, government officials and students, MailCleaner is certainly a recommended solution for any company. Everyone from senior figures within small businesses, to IT stakeholders within large corporations can benefit. Our anti-spam software provides the best virtual enterprise protection around.
From regular annoying email spam, to viruses acquired from typosquatting scams, our software is guaranteed to be the blocker for any unwanted files or messages – virtual cloud based solution or otherwise. Contact us today for advice and guidance, as we would be more than happy to help!