Sorry, you need to enable JavaScript to visit this website.

What You Need to Know about Typosquatting

Summary
Houseworkers
This article explains how a type of social engineering attack named typosquatting works and how to avoid it.

Do you save all URLs of the websites you regularly visit? Have you ever made a typo while writing a web address, by adding or deleting a character? If you have done it inadvertently, you could have fallen into a dangerous trap and faced lots of trouble and harassment, as a result of an attack called sometimes typosquatting attack, which means occupying something illegally.  

 

What Is Typosquatting?  

It is a type of online theft that targets internet users who incorrectly type a URL into their web browser, such as Gooogle.com instead of Google.com, and end up at an alternative fake website that is designed to defraud them or steal their data.          

Hackers guess what type of spelling errors people are likely to make while typing a URL. They then purchase a URL that contains these misspellings and build it in such a way as to emulate the look and content of the real website, so that you don’t easily realize you’re visiting a fake one. It’s common for such websites to sell products and services that directly compete with and are very similar to those of the real website, but its real purpose is to steal your personally identifiable information, including credit cards or passwords.  

 

How Does Typosquatting Work?  

First, cybercriminals buy and register a website that is very similar to the real one that might look like a popular website. Some also may buy multiple URLs to ensure that the scam is caused by different ways. The real users start visiting the site after typing the fake URL by mistake, or by being lured there by a phishing email that contains links to the typosquatted website.  

This doesn’t seem to be dangerous, but typosquatting is one of the earliest and most famous phishing attacks that had among its victims celebrities and major websites, including Google, the popular search engine, which in 2006 was typosquatted as Goggle.com (you can see the similarity of letters), but the necessary measures were taken later on, as the online data security warnings increased.   

 

Common Errors:  

Spelling Errors:  

They are always used in online scams- almost every trademark and industry we observe is a target for those attacks – and are the most common when entering the search information or typing the website name. They might be the product of our rushed day-to-day lives, especially for those who usually type quickly and imprecisely or rely heavily on autocorrect and thus are prone to becoming victims of such crime.  

 

Alternative Spellings :

 If the web address contains a word that is spelled differently in other countries, this could lead to a user inadvertently typing a wrong URL, particularly the alternative spelling options of common product names or services which have the potential to confuse internet visitors.  

Also, a common type of typosquatting is to hyphenate a URL, so that users think this is the genuine site, or add extra words, or use similar-looking characters to camouflage the fake name.  

  

Wrong Domain Endings:  

The range of domain endings for different countries, such as .com, .co.uk, .cn, etc, and also for different types of organizations – i.e. .com, .org, .web, .shop – creates further scope for typosquatting.   

 

Goals of Typosquatting

This type of scam has several goals. For example, the fake website would sell you something you might want to buy from the genuine website, but once the payment is made, you don’t receive the item you want, or would provide to the visitors a fake comment form or survey to steal their personal data, login credential or emails, or would redirect traffic back to the brand site through affiliate links in order to earn illegitimate funds or steal data, or even worse, would install malware or advertising software on the visitors’ devices.         

 

How To Avoid Scams?  

  • Always avoid clicking on links in unexpected emails, text messages, chat messages or on websites. Also, be careful when clicking on links on social media.  
  • Don’t open email attachments unless you are sure of the source and sender.  
  • Always use antivirus software to monitor and protect against malware, as it helps you detect threats in all fields and provide malware protection. 
  • Carefully check URLs before clicking on them. Make sure to look for missing or extra letters and words and to look for misspellings.  
  • Bookmark your favorite websites so you can visit them directly without having to type their URLs into your web browser.  
  • Use a safe search tool or engine instead of typing URLs directly.  
  • When searching via popular search engines, use the usual organic search results that first appear on the first page. Follow white hats or use search engine optimization (SEO) where the appearing links are safer.    

 Finally, the key to preventing typosquatting is constant vigilance. After all, it highly depends on us as humans by avoiding making errors.    

Last edited
29-07-2024
Reading time
4 minutes

Call to Action

Like with any social engineering and phishing scam always make sure to think and be skeptical before clicking on any links from any email or messages.

External Resources