Social engineering has evolved into a powerful collection of techniques for cybercriminals to lure unwary individuals into disclosing their personal information and credentials. One such technique is typosquatting. In typosquatting, attackers lure users to URLs that are misspelled versions of trustworthy and popular websites, tricking victims into visiting a malicious website. Suspicious websites can cause irreparable harm to the reputation of companies that have been compromised by typosquatting hackers. They can also harm website visitors who are tricked into entering login credentials and other personal or financial information. System admins and internet users both need to be aware of the potential risks and take precautions to reduce them. In this article, we will discuss what typosquatting is, how it works, and how to prevent it.

What is Typosquatting & How It Works

Typosquatting, or URL hijacking, is a type of social engineering attack that targets internet users who accidentally type the wrong domain name into their web browser and land on a malicious site. Hackers carry out typosquatting attacks by purchasing and registering a domain name that is similar to a popular website but spelled slightly differently. For example, microsoft.com might be typosquatted as micr0soft.com. These cybersquatters even go so far as to purchase multiple similar domains. For instance, they will buy the misspelled domain names googlle.com and gooqle.com to typosquat on google.com.

The bad actors then create web pages for their phony misspelled domains that resemble or perhaps even exactly duplicate the legitimate website. The catch is that what sits behind the familiar-looking alternative website is not a trustworthy company but a nefarious cybercriminal. The most common bait for hooking victims of typosquatting is a link embedded in a phishing email. Once unsuspecting users click the fraudulent link and visit the fake website, the typosquatting domain poses an imminent threat to the victim.

Most malicious sites emulate real websites. They usually display the original website’s logo and design. The forgeries can be impossible to distinguish visually from the legitimate domains. Webpage visitors who fail to notice the typosquatted domain name and trust the legitimate-looking page end up divulging confidential information, including their username, password, bank account, and credit card information. The perpetrators use the purloined login credentials and account information to gain access to the real website to order products, transfer money, charge purchases, buy airline tickets, and so forth. If the victim of the typosquatting attack uses the same username and password for more than one online account, the hacker can access the victim’s other accounts as well.

Threats Associated with Typosquatting

Typosquatting is on the rise, so much so that major corporations such as Apple, Microsoft, Facebook, and Google have either opted to register typographically error-prone versions of their domains or have blocked potential typosquatting domains through the services of ICANN (the Internet Corporation for Assigned Names and Numbers). Although not every typosquatting attempt has malicious purposes, many typosquatting domain names are registered with bad intentions. Using malvertising, cybercriminals build fake sites designed to download malicious software, run ransomware (like WannaCry), phish confidential information, and obtain credit card information.

Typosquatted or typo domains are commonly used for:
  • Domain parking (also known as domain squatting): After obtaining a typosquatted domain, the hacker tries to sell it for a high price to the brand owner of the legitimate domain. Cybersquatting can be a very profitable activity as it is cheap to register a typo domain for most TLDs.
  • Bait and switch: The mimicked scam website tries to sell you a product or service you would expect to find on the genuine site. The perpetrator collects your money but does not deliver the goods.
  • Imitators: Scam websites pretending to be the legitimate websites conduct phishing scams to steal credentials for the purposes of identity theft.
  • Related search results listing: Cybercriminals collaborate with unscrupulous business competitors to redirect traffic that would otherwise go to a real website through their typosquatted domain to the competitors’ website. The bad competitor pays the hacker for every misdirected user click.
  • Affiliate links: The fake site redirects traffic back to the authentic brand web address through affiliate links in order to earn a commission from all purchases via the brand’s legitimate affiliate program.
  • Monetize traffic: Fake website owners place advertisements or pop-ups to generate advertising revenue from the site visitors.
  • Install malware: The malicious website installs malware or adware on the devices of site visitors.

How to Prevent Typosquatting Attacks

Considering that typosquatting provides criminals with endless opportunities, it is important to determine how to handle this potential threat to your organization. While some manual actions can be taken against fake websites, technology is necessary for effectively and systematically eliminating URL hijacking and protecting user data.

1. Educate Employees to Pay Attention to Traps

Increasing awareness of typosquatted domains is an important tool to combat these threats. The first rule for your employees is to NEVER click links in emails to access a website address. Teach your staff to be more vigilant towards these scamming techniques. In lieu of clicking an email link, users should type the correct domain name into the browser address bar. Of course, an inadvertent incorrect spelling of web addresses can still lead to a typosquatted trap. So, a good practice is to bookmark the real site to avoid possible typos.

2. Register Your Trademark, Domain, and Extension Variations

If you are the owner of a trademark being victimized by hackers, you may file a Uniform Rapid Suspension (URS) complaint with the World Intellectual Property Organization in order to remove a site that you believe is luring users away from your website to a fake site. Be sure also to register variations of your domain like single-syllable, plural-syllable, and hyphenated variations as well as common extensions, including .com, .net, and .org.

3. Implement Next-gen Email Security

A modern email security solution can detect and block spoofing and typosquatting to prevent phishing attacks from reaching your users’ inboxes. If your employees don’t get the bait, they won’t bite. Don’t rely on firewalls and outdated Secure Email Gateways to protect your company, however. Hackers use sophisticated Artificial Intelligence and Machine Learning engines to create their phishing emails. You need AI and ML technologies in your security solution as well to stay ahead of the criminals. A multi-layered, cloud-based next-gen email security system is the only defense against today’s evolving attackers.
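
As an added illustration (not part of the original article and not any vendor's implementation), the Python sketch below shows one basic way a mail filter could flag link hosts that imitate a protected domain, using the article's own examples micr0soft.com, googlle.com and gooqle.com. The protected list, the digit look-alike map, the distance limits and the sample message are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

PROTECTED = ("microsoft.com", "google.com")  # assumed list of brands to defend
# Constructed look-alike map: digits folded to the letters they imitate.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # transposition, e.g. "goolge"
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host):
    """Return (verdict, brand) for one hostname seen in a link or sender."""
    # Assumption: registrable domain = last two labels (real code: Public Suffix List).
    dom = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if dom in PROTECTED:
        return ("legitimate", dom)
    label = dom.split(".")[0]
    folded = label.translate(FOLD).replace("-", "")
    for brand in PROTECTED:
        name = brand.split(".")[0]
        if label == name:
            return ("tld-variant", brand)  # right name, unexpected extension
        if folded == name:
            return ("lookalike", brand)    # digits or hyphens, e.g. micr0soft.com
        # Short names get a tighter limit to keep false positives down.
        if osa_distance(folded, name) <= (1 if len(name) <= 6 else 2):
            return ("typo", brand)         # e.g. googlle.com, gooqle.com
    return ("unrelated", None)

def scan_links(body):
    """Map each http(s) link host in an email body to its verdict."""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    hosts = {urlsplit(u).hostname for u in urls}
    return {h: classify(h) for h in sorted(h for h in hosts if h)}

# Constructed sample message body (not real mail).
SAMPLE_EMAIL = """Your mailbox is full. Sign in at https://login.micr0soft.com/auth
or review the document: http://googlle.com/doc and http://gooqle.com/doc
Help: https://www.google.com/help  Unsubscribe: https://news.example.org/u"""
```

Calling scan_links(SAMPLE_EMAIL) returns one verdict per link host; anything other than "legitimate" or "unrelated" is a candidate for quarantine or analyst review.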

Choose Trustifi’s Inbound and Outbound Protection

Trustifi’s Inbound Shield technology automatically scans every email entering your system before it reaches the designated recipient. It employs AI, ML, and Optical Character Recognition (OCR) to search an email’s header, subject, body, and file attachments for the telltale signs of phishing, typosquatting, spoofing, impersonating, pretexting, and all other forms of email attacks. It quarantines every suspicious email and alerts the security team of a potential attack. If the threat is real, your users will never see the malicious email.

Trustifi’s Outbound Shield solution likewise scans every email traveling through and out of your system before it reaches the internet. It looks for unusual behaviors in the message’s sender, including potentially sensitive information in the email content or file attachments and oddities in when, from where, and to whom the email is sent. Outbound Shield prevents employees from inadvertently including sensitive information in an email and blocks insider threats from exposing confidential and proprietary data.

Trustifi’s email security solutions are specifically designed for small businesses and startups, typically the most vulnerable enterprises for malicious cybercriminals. Contact a Trustifi security advisor today to learn how quickly and affordably you can protect your company and your employees from typosquatters.