Typosquatting (a.k.a. URL hijacking or sting site) is a form of cyberattack that involves taking advantage of misspelled or typographical errors made when entering a website address into a web browser.
For example, if someone misspells the name of a well-known website—such as “googlle” instead of “google”—the typosquatter may own the domain name www.googlle.com, and could potentially direct visitors to another site altogether.
Typosquatters often register these domains with the intent of receiving traffic from people who make accidental visits, or in an attempt to phish for personal information from users who believe they are visiting the legitimate site. While there are some measures you can take to protect yourself from becoming a victim, it’s ultimately up to the individual web user to be vigilant and proactive in this regard.
In this article, we’ll discuss how typosquatting works and share a couple of tips on how to avoid it.
How Does Typosquatting Work?
Typosquatting is a technique used to gain traffic or revenue by taking advantage of typographical errors made by Internet users. The scammer will create a website that is nearly identical to another, high-traffic site, but with a small typo in the web address. When an unsuspecting user navigates to the incorrect website, they are typically redirected to the legitimate site.
In some cases, however, the typosquatter will set up pop-ups or ads on the bogus site that lead users to affiliate programs or other moneymaking ventures. Because typosquatters often register misspelled domain names very close to popular addresses, it can be difficult for people to distinguish between the two.
Here are a few different kinds of typosquatting:
Typos:
Mistyped web addresses of well-known brands in the address bar, such as “faacebook.com.”
Misspelling:
Misspelled domains are a very common occurrence. For example, “www.gmial.com.”
Wrong Domain Extensions:
As more top-level domain (TLD) names are added, the likelihood of typosquatting sites grows. An example here would be google.co. Another common domain extension error is typing ".com" instead of ".org".
Abuse of Country Code Top-Level Domain (ccTLD):
For example, twitter.cm instead of twitter.com, which leads a person who left out a letter away from the real site.
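The kinds listed above can be checked mechanically, for instance over hostnames seen in proxy logs or typed into a browser. The following is an added example, not code from the original article: it compares a hostname against a small constructed allowlist and names the kind of slip that separates it from the real domain. The names KNOWN, split_host, edit_kind and classify are hypothetical, and it assumes each host is a plain registered domain with a single-label extension.

```python
# Added example: flag look-alike hosts against an allowlist of real domains.
KNOWN = {"facebook.com", "gmail.com", "google.com", "twitter.com"}  # constructed allowlist

def split_host(host):
    """Lower-case, drop a leading 'www.', split into (name, extension)."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, ext = host.partition(".")
    return name, ext

def edit_kind(seen, real):
    """Name the single edit separating seen from real, or None if further apart."""
    if len(seen) == len(real):
        diff = [i for i in range(len(seen)) if seen[i] != real[i]]
        if len(diff) == 1:
            return "substituted character"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and seen[diff[0]] == real[diff[1]] and seen[diff[1]] == real[diff[0]]):
            return "transposed characters"
        return None
    if abs(len(seen) - len(real)) != 1:
        return None
    longer, shorter = (seen, real) if len(seen) > len(real) else (real, seen)
    if any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer))):
        return "extra character" if len(seen) > len(real) else "missing character"
    return None

def classify(host):
    """Return (kind, real_domain) for a suspected typosquat, else None."""
    name, ext = split_host(host)
    if f"{name}.{ext}" in KNOWN:
        return None  # exact match with a real domain
    for real in sorted(KNOWN):
        real_name, real_ext = split_host(real)
        if name == real_name:
            return ("wrong domain extension", real)  # covers the ccTLD case too
        if ext == real_ext and (kind := edit_kind(name, real_name)):
            return (kind, real)
    return None

# Constructed sample: the hostnames used as examples in this article, plus two clean ones.
SAMPLE = ["www.googlle.com", "faacebook.com", "www.gmial.com", "google.co",
          "twitter.cm", "google.com", "example.org"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:18} {classify(h)}")
```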
What Are the Dangers of Typosquatting?
People often make typographical errors when they type in a URL. This can lead to them accidentally visiting a fake site. Once they’re there, the cybercriminal can try to install malware, ransomware, or steal credit card numbers. They may also phish for personal information, such as social security numbers or passwords.
Typosquatting is just one of the many dangers that people face online. By being aware of the risks, you can help protect yourself from becoming a victim of cybercrime.
How to Protect Yourself and Your Business from Reputational Damage
Unfortunately, there’s no easy way to protect against this kind of threat. However, you can help prevent cybersquatting attacks from happening to you by following these steps:
- 1. Enable 2FA for better protection of your accounts.
- 2. Use a legitimate search engine to find the websites you need.
- 3. Never click on links from emails.
- 4. Pay attention to how domains are spelled in URLs and email addresses before hitting "enter".
- 5. Check that the site is served over HTTPS.
- 6. Bookmark sites you often visit to avoid typing out URLs.
- 7. Install suitable browser plugins that warn about potential typosquatting domains on mistyped URLs.
If you’re worried about typosquatting attacks on your own organization, it can be helpful to:
- 1. Trademark your website domain.
- 2. Register common variations and typos of that domain.
- 3. Monitor your website traffic.
- 4. Implement two-factor authentication (2FA) for the safety of your customers.
- 5. Always use SSL certificates so that customers can verify site ownership.
- 6. Educate your users so that they're aware of common attacks.
Apart from cybersquatting and typosquatting attacks, there are many other security attacks that might affect you and your organization. It seems like hackers find new vulnerabilities to exploit people on the internet every day, which is why it’s up to us as users of technology to make sure our devices don’t have any holes in them!