Cybercriminals prey on our online mistakes, learning how to turn them into money better and faster. One of the most common mistakes on the Internet is a lack of attention when typing, a result of our short attention span and the highly dynamic cyberspace environment.
From these small mistakes grew a specific type of threat on the Internet: typosquatting. This is a technique that takes advantage of typos made by users when typing domain names.
What Is Typosquatting and How Does It Work?
Typosquatting is a form of cybersquatting (sitting on sites that are owned by someone else’s trademark or copyright) that relies on writing mistakes, or typos, made by Internet users when they input a domain address into a web browser. For example: “heimdalsecurite.com” instead of “heimdalsecurity.com”.
Cybercriminals often register such common misspellings as domains and try to trick users into landing on the alternative website for malicious purposes. A visitor can reach a typo site by mistyping the name of a website or by being lured there. Once on the site, the whole environment may compel visitors to divulge their personal data, or they may get infected with malware simply by accessing it.
A typosquatter’s site can mimic the logo, design, or even the legitimate site’s content, further tricking the user. Hackers use such malicious duplicates in phishing attacks, in order to convince targets to cave to the scam.
Companies can be impacted too by fake sites, losing money to cybercriminals that buy the domain, losing visitors to the typo clone, or even suffering major reputation hits related to another website that pretends to be the legitimate business.
Typosquatting is also known as URL hijacking, sting site, domain mimicry, or a fake URL.
Types of Typosquatting
The fake site resembling the legit URL will use one of these types of errors:
- A commonly used misspelling, or a spelling in a foreign language, of the original domain. Users who type rapidly and inaccurately, or who rely largely on autocorrect, are extremely vulnerable to these kinds of domains.
- Spelling errors are so heavily exploited by cybercriminals that many firms register misspelled versions of their website’s name before anyone else does, and then redirect these misspelled versions to their actual homepage.
- A different top-level domain (.com, .org), or an abuse of a Country Code Top-Level Domain (.cm, .co, .om instead of .com). To prevent this, many businesses register a range of top-level domains.
- Variation of plural or singular of the domain name.
How Typosquatting Can Be Used
Typosquatters can have several reasons for buying such a domain. Some of them can be harmless, like pranks or parodies, or a company can do this to prevent a hacker from buying the domain for malicious use.
But here are the most common motivations behind typosquatting done by cybercriminals:
- Making money by selling the typo domain to the legitimate brand.
- Generating advertising income by hosting advertisements or pop-ups.
- Forwarding traffic to a competitor of the real domain, and charging them on a cost-per-click basis.
- Sending traffic to the real domain itself but through an affiliate link, making money this way.
- Using it in a phishing scam, to convince the visitor to give up user credentials.
- Hosting drive-by malware or adware.
- Collecting e-mail addresses wrongly sent to the typo domain.
Examples of Typosquatting
Typosquatting affected many well-known companies over time, like Verizon, Lufthansa, and Lego. And usually, these types of incidents come with a high cost for the brand. It is known that Lego spent approximately US$500,000 to take down no less than 309 fake sites.
Typo sites can also affect celebrities. This list includes Madonna, Paris Hilton, Jennifer Lopez, basketball player Dirk Nowitzki, and actress Eva Longoria. Threat actors set up websites using variations of their names to host porn and ads, or for affiliate links.
The Google search engine has been typosquatted by Goggle, a phishing site, since the mid-2000s. The site yuube.com targeted YouTube users for malicious purposes. In a similar case, www.arifrance.com targeted www.airfrance.com users, but it is now a warning page enabled by the company.
In a more cheerful example, comedian John Oliver registered domains like Equifacks.com (Equifax.com), Experianne.com (Experian.com), and TramsOnion.com (TransUnion.com) for his show Last Week Tonight.
And researchers found over 550 typosquats referring to the 2020 U.S. presidential elections.
How to Stay Safe from Typosquatting
It may seem simple enough to get to the real site on the Internet, but the differences between a typo site and a real one can be very subtle.
The difference can be only one similar letter, or a number that has been introduced instead of a letter like in “heimdalsec0rity.com”. Another typical approach is to add or remove an “s” at the end of the domain name.
Some added or erased punctuation can also make a big difference in this case: “Heimdal-security.com” is not the same as “heimdalsecurity.com”.
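The sketch below is an added example, not part of the original article: it checks a list of observed domains (for instance from mail or DNS logs) against one protected domain and reports which of the typo types described above each look-alike matches. The function names, the sample list and the edit-distance threshold of 2 are assumptions made for illustration, and inputs are assumed to be bare registrable domains without subdomains.

```python
# Added example: PROTECTED and SAMPLE are constructed for illustration.
PROTECTED = "heimdalsecurity.com"
SAMPLE = ["heimdalsecurite.com", "heimdalsec0rity.com", "heimdal-security.com",
          "heimdalsecurity.cm", "heimdalsecuritys.com", "example.org"]


def split_domain(domain):
    """Split 'name.tld' into (name, tld); assumes a single-label TLD."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld


def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(observed, protected=PROTECTED, max_edits=2):
    """Return the typo type of `observed` relative to `protected`, or None."""
    name, tld = split_domain(observed)
    good, good_tld = split_domain(protected)
    if name == good:
        return None if tld == good_tld else "different top-level domain"
    if name.replace("-", "") == good.replace("-", ""):
        return "added or removed hyphen"
    if len(name) == len(good) and all(
            x == y or x.isdigit() for x, y in zip(name, good)):
        return "digit in place of a letter"
    if name == good + "s" or name + "s" == good:
        return "plural/singular variation"
    if edit_distance(name, good) <= max_edits:
        return "misspelling"  # max_edits=2 is an assumed threshold
    return None


def scan(domains, protected=PROTECTED):
    """Map each look-alike in `domains` to the type of typo it matches."""
    return {d: k for d in domains if (k := classify(d, protected))}


if __name__ == "__main__":
    print(scan(SAMPLE))
```

For short brand names, a threshold of 2 edits will also match unrelated domains, so lower max_edits or review the hits by hand.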
Here are some measures that can keep you safe from typosquatted domains:
- Save important sites, like your bank’s website or your go-to stores, to your favorites so you will not have to type their names in the browser.
- Alternatively, you can use voice recognition software to access popular URLs.
- Always check carefully what you type when you are searching for a domain.
- If your browser auto-completes the address you are searching for, this may be the safer option.
- Double-check every link you click on. Hovering over the link will show you what address it will take you to.
- Don’t open suspicious attachments.
- As a business, we recommend registering the most obvious typo versions of your domain to avoid any illegal activity linked to them, and then redirecting the traffic to your official site.
- Internet Corporation for Assigned Names and Numbers (ICANN) can help you find out how different domains use your company’s name.
- Use an SSL certificate to signal to your visitors that this is a legit site.
- Take down any typo domain linked to your business, and notify partners, clients, and employees about it so you will not lose their trust.
How Can Heimdal® Help?
Heimdal’s Endpoint Detection and Response offers unrivaled prevention, threat-hunting, and remediation capabilities. It combines six solutions in a single easy-to-deploy and compact agent that will not delay your systems and will help you save significant time.
We integrated all our solutions into a unified dashboard, where they work together to deliver an enhanced EDR solution (Endpoint Prevention, Detection, and Response). This combines DNS filtering, Automated Patch Management, next-gen Antivirus, and Privileged Access Management.
Having a complete overview of your environment, within a single interface, will greatly improve your cybersecurity and minimize the attack surface.
Heimdal® DNS Security Solution
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
- Protection against data leakage, APTs, ransomware and exploits;
Wrapping Up…
As you can see, it is very easy to become the victim of a typosquatter, as small typing mistakes are an ingredient of everyday life on the Internet. And let’s not forget that registering a domain is not hard. Consequently, a cybercriminal could have a typo site linked to your business right now.
All these may be gloomy news, but, fortunately, to avoid all the fuss, money loss, and possible reputation damage, you can follow these simple rules that will keep you safe.