Typos are usually small mistakes you make when you’re writing on your phone or computer. “Fat fingers” are responsible for writing “teh” instead of “the” and accidentally ending a sentence in “1” instead of “!”.
Unlike a simple typo when you’re messaging your friends, typosquatting is much more sinister.
What is Typosquatting?
Typosquatting, also known as URL hijacking, sting sites, or fake URLs, is when cybercriminals register common misspellings of a legitimate website’s address to trick would-be visitors into giving out private information. For example, they might send you to g00gle.com instead of the real search engine; of course, real typosquatters tend to be a little more clever and harder to notice.
Typosquatting might use something like:
- A common misspelling
- A likely misspelling
- Pluralizing a singular or vice versa
- Changing the top-level domain (.gov instead of .org)
- A foreign spelling or name for the domain (U.K. grey versus American gray)
Cybercriminals will even set up the site to look very similar to the original to further dupe visitors. Beware of where you’re inputting personal information, double-check URLs, and make sure the sites you’re visiting are secure.
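Double-checking a URL can be automated. The sketch below is an added example, not code from the original article: it compares a domain against a list of sites you trust and reports which of the tricks listed above it resembles. The trusted list, the function names and the sample domains are constructed for illustration, and the input is assumed to be the bare domain with no "www." or other subdomain.

```python
# Added example: compare a domain against an allowlist of trusted domains.
# Assumption: input is the bare registrable domain (no "www." or other subdomain).
TRUSTED = {"google.com", "example.org"}        # assumption: your own allowlist
LOOKALIKES = str.maketrans("01354", "olesa")   # digit-for-letter swaps: g00gle -> google

def edit_distance(a, b):
    """Count edits (insert, delete, substitute, swap adjacent letters) from a to b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # two adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_domain(host):
    """Return (verdict, trusted domain it resembles or None)."""
    host = host.lower().rstrip(".")
    if host in TRUSTED:
        return ("trusted", host)
    name = host.rpartition(".")[0]
    for good in sorted(TRUSTED):
        good_name = good.rpartition(".")[0]
        if name == good_name:                        # same name, different TLD
            return ("tld-swap", good)
        if name.translate(LOOKALIKES) == good_name:  # digits standing in for letters
            return ("lookalike-characters", good)
        if name in (good_name + "s", good_name + "es") or name + "s" == good_name:
            return ("plural", good)
        if edit_distance(name, good_name) <= 1:      # one slip of the finger
            return ("misspelling", good)
    # "unknown" only means "not on the list and not a near miss", not "safe".
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs
    for d in ["google.com", "g00gle.com", "gooogle.com", "google.net", "examples.org"]:
        print(d, check_domain(d))
```
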
How This Plays Out In Real Life
At its simplest, typosquatting relies on your (and other Internet users’) mistakes when searching for a site in your web browser.
For example, a typosquatter might register the domain name “gooogle.com” in the hope that someone will mistype “google.com” and end up on their site instead. The typosquatter could then use this site to trick users into giving up their personal information or downloading malware.
Why do they do this? As far as cyber-threats go, this one is a relatively low-cost and low-risk way for cybercriminals to target unsuspecting victims. It is also a relatively effective way to do so, as people are often careless when typing website addresses.
So how can you protect yourself from typosquatting?
- Be careful when typing website addresses. Double-check the address before you hit enter.
- Use a password manager to create and store strong passwords for all of your online accounts.
- Be wary of emails or pop-ups that ask for your personal information. Legitimate websites will never ask for this information over email or pop-up.
- Keep your operating system and software up to date. This will help to protect you from malware attacks.
This is just one of many, many threats lurking on the World Wide Web. Human error is responsible for 95% of cyber-attacks, including those that start with a very small typo. If you think you entered the correct, trusted domain of your favorite website, you are more likely to enter private information, like your account log-in, without thinking twice. That would be very dangerous if you were actually on a fraudulent site that’s one letter off!
To try and catch the most victims possible, most typosquats mimic URLs of major organizations like Microsoft, Apple and Google. That doesn’t mean that they won’t try to deceive you with lesser-known platforms, though, as that can be very effective for spear-phishing.
As always, the best defense is education and awareness! The more you know about what threats lurk on the world wide web, the easier it will be to recognize red flags out in the wild and take appropriate caution. Your data will thank you for the privacy!