What is Typosquatting?
Typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., “Gooogle.com” instead of “Google.com”). When users make such a typographical error, they may be led to an alternative website owned by a hacker that is usually designed for malicious purposes.
Hackers often create fake websites that imitate the look and feel of your intended destination so you may not realize you’re at a different site. Sometimes these sites exist to sell products and services that are in direct competition with those sold at the website you had intended to visit, but most often they are intended to steal your personal identifiable information, including credit cards or passwords.
These sites are also dangerous because they could download malicious software to your device simply by visiting the site. So you don’t even need to click on a link or accept a download for dangerous code to install on your computer, smartphone or tablet. This is called a drive-by download and many typosquatters employ this as a way to spread malicious software whose purpose is to steal your personal information.
In some cases, typosquatters employ phishing in order to get you to visit their fake websites. For example, when AnnualCreditReport.com was launched, dozens of similar domain names with intentional typos were purchased, which soon played host to fake websites designed to trick visitors. In cases like this, phishing emails sent by scammers spoofing a legitimate website with a typosquatted domain name make for tasty bait.
In order to protect yourself against typosquatters, I recommend you:
- Pay close attention to the spelling of web addresses or websites that look trustworthy but may actually be close imitations of the online retailer you are looking for.
- Instead of typing the web address into your computer, make sure you have a safe search tool, like McAfee® SiteAdvisor® which comes with McAfee® LiveSafe™ that provides warning of malicious sites in your browser search results.
- Don’t click on links in emails, texts, chat messages or social networking sites.
- Invest in a comprehensive security solution like McAfee LiveSafe™ service that protects all your devices, your identity and data.
There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets so make sure you stay educated and use common sense!
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)