Hackers are Typosquatting – and it’s Way more Malicious than it Sounds
Hackers really will stop at nothing these days to find new ways to compromise you and your information. The latest wave of popular attacks spreading around is called “typosquatting”, and all you have to do to avoid it is make sure you know how to spell. Should be easy, right?
Wrong. Because accidents happen. Even if your spelling abilities are otherworldly, typos just happen sometimes. In a “Typosquatting” attack, threat actors rely on users to commit a “typo” when entering a web address into their browser. The attackers hope potential victims accidentally add or change one letter in the web address they’re intending to visit. This would then direct them to a malicious website that looks like, but is not, where the user intended to go.
It’s incredibly easy to mimic a website. By copying images, using similar fonts and color schemes, and putting in just a little bit of effort, attackers can recreate popular websites like PayPal, Google, bank websites and more, with the user being none the wiser. These fake replica websites usually result in some sort of phishing attack, which results in your information being compromised.
Also known as “URL hijacking”, Typosquatting attacks are not a new phenomenon, but there has been a recent increase in their frequency. A recent report indicated that over 200 fake domains have been reported as impersonating legitimate websites or apps.
In addition to committing a phishing attack, these fake websites can also unleash ransomware and malware onto your system. In some cases, websites that are being faked to look like financial- or crypto-related institutions can even steal your money.
Typosquatting can create an unfortunate situation for an unsuspecting user, but the attacker also has to rely on a little bit of luck to trick the user. For instance, if the user makes a typo that is not one the cybercriminals had anticipated, neither party wins. Attackers won’t get their information, and potential victims go to a page that, in so many words, says you’re not where you’re supposed to be.
Bleeping Computer gave one example of Typosquatting. In their example, they mention notepad-plus-plus.org, the website of a popular Windows text editor. However, if an unknowing user accidentally types the letter “S” at the end of “notepad”, they’ll be redirected to a fake, malicious website.
The moral of the story is, use caution when surfing the web, especially if you’re typing in a site’s web address directly. Criminals have become so good at spoofing legitimate websites that you can’t measure your online safety by appearance alone. To provide some sort of peace of mind, just take an extra second or two to proofread the URL to make sure it’s correct, or use a legitimate search engine like Google and just search for the site you’re trying to find. Both of these methods can offer extra layers of protection so that you avoid being a Typosquatting victim.
Story via Digital Trends