What is typosquatting?
Typosquatting is a form of cyber attack where cybercriminals register a similar, yet incorrectly spelled version of a legitimate website URL, assuming that some users will mistype the name in the address bar. When users misspell the website name, they are taken to a fake website that mimics the original brand, where their data may be stolen without realizing they are not on the legitimate site they intended to visit.
Let’s explore how this cyber attack works and what steps you can take to protect your business and customers.
Does typosquatting have any other names?
Yes! Typosquatting is also commonly known as URL hijacking and may be referred to as a “sting site” or simply a fake URL. Regardless of the name, the concept is the same: attackers target popular websites that collect sensitive customer data, exploiting misspellings or errors in website names to create similar-looking domains.
For example, a typosquatting attempt against Amazon.com could involve the domain Amazom.com, while HSBC.com might be targeted with HBSC.com.
Is typosquatting common?
There are notable examples of typosquatting, including a high-profile attack on Google.com through the site Goggle.com. The website operated from 2004 to 2007, causing significant damage.
“Once accessed, the domain would instantly download several viruses and other malware, spamming pop-ups—some containing inappropriate content. Additionally, it used the WMF exploit to install the rogue antivirus SpySheriff. The malware could severely damage the victim’s computer, potentially requiring an operating system reinstallation and leading to data loss.”
Interestingly, while the site has been taken down and similar forms blacklisted, Google acknowledged that ‘Goggle’ is legally not a misspelling of their name, as it is a valid word.
What other forms does typosquatting take?
Hackers leverage various methods under the broader category of cybersquatting, but typosquatting primarily focuses on misspellings. This threat targets users who directly type URLs into the browser’s address bar rather than using a search engine like Google or Bing.
When typing a URL manually, you must be precise, including the top-level domain (TLD). For example, dropping the ‘c’ in .com might lead you to .om, the TLD for Oman, landing you on a malicious website.
In other cases, attackers exploit regional or alternative TLDs. For example, users might mistakenly assume a business uses .com when it actually operates under .co.uk. Attackers purchase likely domains, set up fake websites, and wait for unsuspecting visitors.
Other examples of cybersquatting tactics include:
- Reordering words in the URL: For instance, bathbedandbeyond.com instead of Bed, Bath, and Beyond.
- Adding punctuation: Introducing a hyphen, like face-book.com, can confuse users.
- Inserting or omitting reasonable words: For example, ebaysell.com instead of ebay.com or Wikilearn.com instead of Wikipedia.com.
Is a homographic attack the same as typosquatting?
In many ways, a homographic attack is the opposite of typosquatting, but it also falls under cybersquatting. Here’s how it works: an attacker purchases a domain visually indistinguishable from the legitimate website by using characters from different alphabets or similar-looking letters.
For example, substituting a lowercase ‘l’ with an uppercase ‘I’ could trick users into thinking the domain is genuine. Unlike typosquatting, homographic attacks don’t rely on user mistakes. They often involve phishing emails with links that seem legitimate.
The best defense? Type the URL directly into the address bar rather than clicking on email links.
How can you protect against typosquatting?
There’s no foolproof way to eliminate this threat, but these best practices can help:
- Use a reputable search engine to locate websites.
- Avoid clicking on links in emails unless you’re sure of their source.
- Double-check the URL if typing manually, and stop immediately if the site appears unusual, poorly designed, or error-filled.
For businesses, proactive steps include:
- Purchasing similar domains and redirecting them to your primary website.
- Registering your brand as a trademark to strengthen your legal position against attackers.
Want more cybersecurity tips from Atera? Check out our recent webinar by our CISO, Oren Elimelech, filled with actionable ideas to secure your business effectively.
Conclusion
In conclusion, typosquatting is a prevalent and evolving cybersecurity threat that can have severe consequences for both individuals and businesses. By understanding how it works and taking proactive steps – such as carefully verifying URLs, avoiding email links, and securing similar domain names – you can reduce the risks and protect your online presence. For businesses, safeguarding your brand and customer trust is essential, and adopting comprehensive cybersecurity measures can make all the difference.
Related Terms
Smishing
Smishing involves fraudulent SMS messages that deceive users into revealing personal information or downloading malware.
Read nowExtended Detection and Response (XDR)
Extended Detection and Response (XDR) enhances security by integrating multiple tools for threat detection.
Read nowEndpoint Management
The complete guide to endpoint management, and how to manage endpoints efficiently for peak performance and security.
Read nowIP addressing
IP addresses are crucial for network communication, providing unique identifiers for each device and ensuring accurate data routing. Discover how they work and how to manage them effectively.
Read nowEndless IT possibilities
Boost your productivity with Atera’s intuitive, centralized all-in-one platform