Definition of Typosquatting
Typosquatting is a way of stealing people’s personal information and accounts using fake websites whose domain names are intentional misspellings of the real website’s name.
To illustrate, a fake domain such as “godreads.com” could be created to mislead careless users who meant to visit “goodreads.com” to a fake site. Sometimes the typo takes the form of a missing letter, as in our example; sometimes the order of the letters is changed, as in “goodraeds.com”; and sometimes .org, .net, .co or .cn is used instead of the website’s real extension.
In some cases users are unaware of their typing errors and end up visiting the fake site, which has a similar appearance and the same forms and login functions.
Purposes of Typosquatting
Usually, when users give their account details to those sites, the attackers immediately visit the real site, change the account settings, and start using the account according to their own agenda.
Yet in some cases this type of cyberattack is carried out in the e-commerce sector. The aim would be to direct a customer to another site to buy the product.
In some cases, typosquatting can be used to spread a virus to your computer or to the company network your computer is on. However, according to some research, in a few cases it is used to advertise something (a product, etc.) rather than to carry out a cyberattack.
How to Protect Ourselves
There are a couple of simple measures against typosquatting:
- People should be very careful when typing the names of the websites they are trying to visit, and should check whether there is SSL protection, with https instead of http.
- Clicking on links in emails from less trusted sources is always a risk.
- Do not forget to update the virus protection and firewall on your PC.
- Companies should protect their brand name and search for any typosquatting sites that may exist. https://www.htbridge.com/radar/ can be visited to check for such a risk against their brand.
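For the brand search in the last point, a company can build its own watchlist from the three typo patterns described in the definition above (missing letter, changed letter order, different extension) and compare it with domains seen in logs or new registrations. The following is an added example, not part of the original article; the function names are hypothetical and it assumes the brand is given as a simple name.extension domain.

```python
# Added example: builds a watchlist of look-alike domains for a brand,
# using only the three typo patterns described in the article.
ALT_TLDS = ("org", "net", "co", "cn")  # extensions named in the article


def typo_variants(domain, alt_tlds=ALT_TLDS):
    """Map each look-alike domain to the typo pattern that produces it."""
    # Assumption: `domain` has the form name.extension (no subdomains).
    name, _, tld = domain.lower().partition(".")
    variants = {}
    # Missing letter: drop one character at a time ("godreads").
    for i in range(len(name)):
        variants.setdefault(name[:i] + name[i + 1:] + "." + tld, "missing letter")
    # Changed order: swap each pair of neighbouring letters ("goodraeds").
    for i in range(len(name) - 1):
        swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
        variants.setdefault(swapped + "." + tld, "swapped letters")
    # Different extension: same name under another extension.
    for alt in alt_tlds:
        variants.setdefault(name + "." + alt, "different extension")
    # Swapping two equal letters reproduces the real name; it is not a typo.
    variants.pop(domain.lower(), None)
    return variants


def flag_lookalikes(brand, observed):
    """Return (domain, pattern) for observed domains that imitate `brand`."""
    watchlist = typo_variants(brand)
    hits = []
    for d in observed:
        d = d.strip().lower().rstrip(".")
        if d in watchlist:
            hits.append((d, watchlist[d]))
    return hits


if __name__ == "__main__":
    # Constructed sample, e.g. domains seen in proxy logs or new registrations.
    seen = ["goodreads.com", "godreads.com", "goodraeds.com",
            "goodreads.co", "example.org"]
    for domain, pattern in flag_lookalikes("goodreads.com", seen):
        print(f"{domain}: {pattern}")
```

The real domain and unrelated domains are not flagged; only the three look-alikes in the constructed sample are reported, each with the pattern that matched.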