We’ve all done it. Looked at a word and only assumed it’s that word because the letters are the same only misplaced… or it’s SO close, off by only one small letter… Gooogle, Googel, Googlee, etc. Dyslexia kicking in, or just plain laziness? It’s hard to tell sometimes.
At first glance, for a busy person on a busy day, it reads Google, and we click. That’s our first mistake. Because we really just clicked on Googl.com.
This is called Typosquatting.
Typosquatting “is when third parties buy variants of domain names based on simple and common spelling errors,” like our above examples. “Most of these typo-domains are either purchased for resale, redirect to a real offer in a shady way, or take you to a minefield of advertising,” but often they’re used for malicious intent.
Sophos Labs’ recent study found “roughly 2.7 percent of 15,000 domain names probed directed users to websites associated with some form of cybercrime, including hacking, phishing, online fraud, or spamming.” Why is it important that we pay to utmost attention to detail? Because there are more than 360 million registered domain names…
Watch your spelling!
Without attention to detail, someone could miss the site name Reddit.co (.co = domain name suffix for Colombia), which even had an SSL certificate and displayed a green lock simple indicating it was secure, and was not in fact Reddit.com but a spoofed site in 2018.
Reddit.com is one of the five most visited sites in online, can you imagine the web traffic the faux site received?
In 2016 this happened to several other well-known companies, only the unsuspecting victim acquired malware when Netflix.om or Citibank.om was typed in (.om being the domain suffix for Oman). Thousands of networked domains use .cm, the suffic for Cameroon, and major brands like Hulu and Netflix “generated nearly 12 million visits over a three-month period.”
The very real, very dangerous problem about typing in your credentials to a spoofed site, is that a recent study found “65 percent of respondents use the same credentials for most or all of their accounts.” That’s a hacker’s main point of entry, and a company’s unfortunate downfall.
Brandjacking is different than hacking, typosquatting is re-direction, “whitehouse.org is the most famous example, which has been parodying the official Whitehouse.gov website since the early 2000s.”
Inc. advises companies to be proactive and acquire as many “similar or related domain names as possible,” to avoid typosquatting, “buying the most obvious domain squats is a minor investment for the mitigation of a major risk.”
Dealing with cyber-espionage such as typosquatting can be difficult, but cybersecurity doesn’t have to be. Contact us today for advanced cyber-threat protection [email protected]
Image Source: https://www.canva.com/design/DAECERFEQeI/G4qmIku-IBtY8ePRY1pzeQ/edit?category=tACFajEYUAM