Typosquatting: How Mistyped Web Sites Lead To Malware and Scams

Ever type the wrong Web address by mistake? Did you know that cybercriminals snatch up typoed domains in order to create tempting lookalikes?

Typosquatting is the practice of registering a domain that is a typo of a common site, like goole instead of google or microsft instead of microsoft. Most people don’t notice typos, especially if they land on a site that looks similar to the one they expect. These lookalike sites can contain everything from computer viruses to password harvesters. They can harbor ransomware and fleeceware, costing consumers time and money. And they can be used to peddle fake apps and lure people into falling for tech support scams.

Security firm Sophos did an interesting study of typosquatting and described a bait-and-switch situation in which you mistype apple.com and end up on a lookalike page that invites you to download iTunes. Except it’s not iTunes; it’s a site offering “unlimited music downloads.” And it doesn’t even give you that much, just access to some online forums of questionable value.

Another example of this bait-and-switch is the brand ripoff. Many of the typos for search engine Google go to search engines that aren’t Google, but use the Google logo and serve up “results” that earn clickthrough cash for the squatters. This type of brand hijacking can be devastating for businesses. Fake competitions and surveys also bring in the dough.

How can you avoid typosquatting?

  • Be careful what you type.
  • Check the address bar to confirm the site’s address.
  • Hover over links without clicking and look at the status bar at the bottom to see where they go.
  • Use a web browser security extension to warn you of malicious sites.
  • Use a password manager. Password managers can detect if you’re about to enter your password on a phony site.
  • Clear your browser history to remove mistyped links.
  • Bookmark sites you use frequently instead of typing them in.
  • Don’t try to click through a mistyped site to get to the real page, even if you are offered a link to do so. Erase your browser history, quit, and try again.
