How Typosquatting Scams Work | McAfee Blog


Your teacher was right. Spelling counts, particularly to scammers.

Enter the world of typosquatting scams. Also known as URL hijacking, typosquatting scams target internet users who incorrectly type a website address into their web browser.

Scammers have long used typosquatting techniques to capture traffic from those butterfingers moments we all have when typing on our keyboards. And the butterthumbs moments on our phones.

For example, say you type “websiteaddresss dot-com” instead of “websiteaddress dot-com.” More than just a mistake, a mistyped address might land you on a malicious site designed to steal personal information, make money, or spread malware.

The scam sites you might land on vary. Some serve up a screenload of spammy ads. Others host malicious download links, and yet more lead to stores full of cheap, knockoff goods. In other cases, scammers take it up a notch. We’ve seen typosquatting sites evolve into clever copycats of legitimate sites. Some look like real banking and e-commerce sites that they steal traffic from, complete with stolen logos and familiar login screens. With this, scammers hope to trick you into entering your passwords and other sensitive information.

Companies are well aware of this practice. Many purchase URLs with those common misspellings and redirect them to their proper sites. Further, many brands put up anti-fraud pages on their sites that list the legitimate addresses they use to contact customers. Here at McAfee, we have an anti-fraud center of our own.

The fact remains, people make mistakes. And that can lead to risky scam sites. However, you can still avoid typosquatting attacks quite easily.

The big business of typosquatting

For starters, it helps to know that typosquatting is often big business. In many cases, larger cybercrime organizations set up entire flights of malicious sites that can number into the dozens to the hundreds.

Let’s check out a few examples and see just how sophisticated typosquatting scams can be:

“dot.cm” scams

In 2018, researchers found a host of addresses that were registered in the names of well-known sites, but ending in  “.cm”, instead of “.com”. These copycat addresses included financial websites, such as “Chase dot-cm” and “Citicards dot-cm,” as well as social and streaming sites.

Scammers used the .cm sites to advertise promotions and surveys used to collect users’ personal information. What’s more, more than 1,500 of them were registered to the same email address, indicating that someone was trying to turn typosquatting into a serious business.

“dot.om” scams

Similarly, 2016 saw the advent of malicious dot-om sites, that mimicked big names like “linkedin dot-om” and “walgreens dot-om.” Even the interesting typo found in “youtubec dot-om” cropped up. Of note, single entities registered these sites in batches. Researchers found that individuals or companies registered anywhere from 18 to 96 of them. Again, signs of serious business.

Big brand and voice assistant typosquatting scams

Recently, security researchers further found an increase in the number of typosquatting sites. An increase of 10% from 2021 to 2022. These sites mimic popular app stores, Microsoft addresses, services like TikTok, Snapchat, PayPal, and on and on.

Further, scammers have gotten wise to the increased use of personal assistants to look up web addresses on phones and in homes. Typosquatting now includes soundalike names in addition to lookalike names. With that, they can capitalize when an assistant doesn’t quite hear a command properly.

How to protect yourself from typosquatting

No doubt, slip-ups happen when browsing. Yet you can minimize how often with a few steps—and give yourself an extra line of defense if a mistake still slips through.

  • Whether you type in a web address to the address field, or a search engine, be careful that you spell the address correctly before you hit “return”.
  • If you are going to a website where you might share private information, look for the green lock symbol in the upper left-hand corner of the address bar. This indicates that the site uses encryption to secure the data that you share.
  • Be suspicious of websites with low-quality graphics or misspellings. These are telltale signs of fake websites.
  • Consider bookmarking sites you visit regularly to make sure you get to the right site, each time.
  • Don’t click on links in emails, text messages, and popup messages unless you know and trust the sender.
  • Consider using a safe browsing tool such as McAfee Web Protection, which can help you avoid dangerous links, bad downloads, malicious websites, and more.​
  • Always use comprehensive online protection software like ours on your computers and devices to protect you from malware and other online threats.
Introducing McAfee+

Identity theft protection and privacy for your digital life





Source link