TypoSquatting: Your Guide to Understanding this Cyber-Threat

October 6, 2023

Introduction

Typos are usually small mistakes you make when you’re writing on your phone or computer. “Fat fingers” are responsible for writing “teh” instead of “the” and accidentally ending a sentence in “1” instead of “!”.

Unlike a simple typo when you’re messaging your friends, typosquatting is much more sinister.

What is Typosquatting?

It’s known as URL hijacking, sting sites, and fake URLs. Also commonly referred to as typosquatting, this practice is when cybercriminals take common spelling errors of a legitimate website to entrap would-be users into giving out private info. For example…

They might send you to g00gle.com instead of the real search engine; of course, real typosquatters tend to be a little more clever and unnoticeable.

Typosquatting might use something like:

  • A common misspelling
  • A likely misspelling
  • Pluralizing a singular or vice versa
  • Changing the top-level domain (.gov instead of .org)
  • A foreign spelling or name for the domain (U.K. grey versus American gray)

Cybercriminals will even set up the site to look very similar to the original to further dupe visitors. Beware of where you’re inputting personal information, double-check URLs, and make sure the sites you’re visiting are secure.

How This Plays Out In Real Life

At its simplest, typosquatting relies on your (and other Internet users’) mistakes when searching for a site in your web browser.

For example, a typosquatter might register the domain name “gooogle.com” in the hope that someone will mistype “google.com” and end up on their site instead. The typosquatter could then use this site to trick users into giving up their personal information or downloading malware.

Why do they do this? As far as cyber-threats go, this one is a relatively low-cost and low-risk way for cybercriminals to target unsuspecting victims. It is also a relatively effective way to do so, as people are often careless when typing website addresses.

Conclusion

So how can you protect yourself from typosquatting?

  • Be careful when typing website addresses. Double-check the address before you hit enter.
  • Use a password manager to create and store strong passwords for all of your online accounts.
  • Be wary of emails or pop-ups that ask for your personal information. Legitimate websites will never ask for this information over email or pop-up.
  • Keep your operating system and software up to date. This will help to protect you from malware attacks.

This is just one of many, many threats lurking out in the world wide web. Human error is responsible for 95% of cyber-attacks, including those that start with a very small typo. If you think you entered the correct, trusted domain of your favorite website, you are more likely enter private information, like your account log-in, without thinking twice. That would be very dangerous if you were actually on a fraudulent site that’s one letter off!

To try and catch the most victims possible, most typosquats mimic URLs of major organizations like Microsoft, Apple and Google. That doesn’t mean that they won’t try to deceive you with lesser-known platforms, though, as that can be very effective for spear-phishing.

As always, the best defense is education and awareness! The more you know about what threats lurk on the world wide web, the easier it will be to recognize red flags out in the wild and take appropriate caution. Your data will thank you for the privacy!

Most Recent Post

Guide to Improving Your Company’s Data Management

Guide to Improving Your Company’s Data Management

Data is the lifeblood of modern businesses. It fuels insights, drives decision-making, and ultimately shapes your company's success. But in today's information age, data can quickly become overwhelming.Scattered spreadsheets, siloed databases, and inconsistent...

“Knowledgeable, reliable and trustworthy”

In addition to being knowledgeable, reliable and trustworthy, he’s very friendly and accessible. Would definitely use his services again.

Nyshie Perkinson

Senior Media Specialist, Center for Biological Diversity

Related Articles

Don’t Risk It! Why You Shouldn’t Skip Vulnerability Assessments

Don’t Risk It! Why You Shouldn’t Skip Vulnerability Assessments

Cyber threats are a perpetual reality for business owners. Hackers are constantly innovating. They devise new ways to exploit vulnerabilities in computer systems and networks.For businesses of all sizes, a proactive approach to cybersecurity is essential. One of the...

7 Common Pitfalls When Adopting Zero Trust Security

7 Common Pitfalls When Adopting Zero Trust Security

Zero Trust security is rapidly transforming the cybersecurity landscape. It moves away from traditional perimeter-based security models. In this approach, every connection attempt is continuously verified before granting resource access.56% of global organizations say...

4 Ways Small Businesses Can Leverage Copilot for Microsoft 365

4 Ways Small Businesses Can Leverage Copilot for Microsoft 365

What are some of the key differentiators that can propel small businesses forward? They include efficiency, productivity, and innovation. Microsoft has expanded the availability of one of its most dynamic tools to SMBs. A tool that can be a real game-changer for...