When people are writing documents or sending out important emails, they tend to look at what they’re typing more closely. But when it comes to typing in a website, people can absentmindedly mistype a URL or make a typo while they’re in a rush. It may not seem like a big deal, but this mistake can lead users to fake websites that contain malware. Users who visit these typosquatting domains might not even realize they’re fake websites and end up giving up their credentials or personal information to hackers. Furthermore, these websites can also include drive-by downloads which can install malware onto computers without a person’s knowledge.

Source: Cisco

What is Typosquatting?

Typosquatting is when hackers purchase similar looking domains to legitimate websites with the hopes that a typo will lead unsuspecting users to their websites (i.e. yahoo.ca vs yahooo.ca). These fake websites either spread malware to unsuspecting users or mimic real websites.

Last year, there was a network of typosquatting domains that ended in ‘.cm’ instead of ‘.com’. These domains copied a lot of popular websites such as iTunes and ESPN. In the first three months of 2018, almost 12 million users visited these malicious websites.

How Do People Fall Victim to Typosquatting?

Human Error: Users in a hurry or not paying attention can accidentally mistype URLs, which can lead them to malicious websites.

Phishing: Typically, a user will receive a phishing email warning them to update their account information. The bad actors will then urge users to click on a fake website. Often, these websites look exactly like the actual website they are trying to mimic. Hackers will not only spoof the website but also the sender email address to make it look more legitimate. Users who aren’t paying attention can be easily duped by these phishing schemes.

How Do I Protect Myself?

Register multiple versions of your domain name: Owning variations of your domain name can help avoid brand confusion and protect your reputation and customers. Consider common misspellings of your brand, acronyms, hyphens and singular and plural versions. For example, if you own animal.com, consider also owning: animals.com, animaal.com, ani-mal.com.

Bookmark links: To avoid mistyping a URL, save your frequently used websites on your bookmarks bar. That way, you can easily access them and ensure that they are not a fake website.

Hover over links: Hover over links and carefully inspect URLs instead of clicking on them. When inspecting a link, make sure you look for missing or extra letters/words, incorrect spelling, hyphens and the suffix of the URL (i.e. google.com vs google.mailru.co).

Use a secure email solution: It’s important to protect your email from all incoming threats such as phishing emails with malicious links. One of the ways you can do this is to implement a secure email solution like Secure IT – Mail. Secure IT – Mail has several security features that can protect against and detect threats like typosquatting.