Explanation: what is typosquatting? Tips to prevent URL hijacking
Cybercriminals trick people into clicking on websites that look a lot like the real websites you wanted to visit.
Have you ever made a small spelling mistake while typing a URL and landed on a strange website? Or clicked on a link that appeared to lead to a legitimate website, only to find out that it was a fake site? This technique for luring people onto a malicious site is called typosquatting.
A small mistake on the internet could prove costly these days, as internet data usage has increased more than sevenfold in the past few years. There are times when people type URLs without paying attention. For example, if you type www.gooogle.com instead of www.google.com, you will end up in the wrong place, where there is a high chance that your system will be attacked or your sensitive information will be stolen.
Often, cybercriminals trick people into clicking on websites that look a lot like the real websites they wanted to visit. Without realizing they are on the wrong site, people may type in their login ID and password, which hackers could then use to steal their sensitive information.
Imagine that you have entered your credit card details on the malicious site: this information could be used to steal your money or the money on your card.
How does this work?
Cybercriminals first register domain names that are misspellings of legitimate URLs. They reserve several domains that have a high chance of being typed by mistake. If the original website is www.buyshoesfree.com, they try to reserve domains like www.buyfreeshoes.com, www.buyshoefree.com, www.buy-shoes-free.com, etc.
Attackers can also target you by sending bad website links to your emails and text messages. When an unsuspecting user clicks on the link, their system is hacked.
Common forms of typosquatting:
Typos, misspellings, alternate spellings, wrong domain extension, combosquatting and similar domains.
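The forms listed above can be checked mechanically before a link is trusted. The following Python code is an added example, not part of the original article: it compares a domain against a constructed allow-list (TRUSTED) and names the look-alike form it matches. The function names, verdict labels and the google-login.com sample are assumptions made for illustration, and the domain extension is simplified to the last label.

```python
# Added example: flag look-alike domains against a constructed allow-list.
TRUSTED = ["google.com", "buyshoesfree.com"]  # constructed sample allow-list

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(cols)] for i in range(rows)]
    for i in range(1, rows):
        for j in range(1, cols):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def split_domain(domain):
    """Return (name, extension). Simplification: the last label is the extension."""
    host = domain.lower().strip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, ext = host.rpartition(".")
    return name, ext

def classify(candidate, trusted=TRUSTED):
    """Return (verdict, trusted domain it resembles or None)."""
    name, ext = split_domain(candidate)
    stripped = name.replace("-", "")  # the name with hyphens removed
    pairs = [(t, *split_domain(t)) for t in trusted]
    for t, tname, text in pairs:
        if (name, ext) == (tname, text):
            return "trusted", t  # exact match with an allow-listed domain
    for t, tname, _ in pairs:
        if name == tname:
            return "wrong-extension", t  # same name, different extension
        if stripped == tname:
            return "hyphenated-lookalike", t  # e.g. buy-shoes-free
        if edit_distance(name, tname) <= 2:
            return "typo", t  # extra, missing, swapped or wrong letter
        if sorted(name) == sorted(tname):
            return "reordered-words", t  # same letters, different order
        if tname in stripped:
            return "combosquatting", t  # trusted name plus extra words
    return "unknown", None

if __name__ == "__main__":
    for d in ["www.gooogle.com", "www.buyfreeshoes.com", "www.buyshoefree.com",
              "www.buy-shoes-free.com", "google-login.com", "www.google.com"]:
        print(d, "->", classify(d))
```

A verdict of "unknown" only means the domain does not resemble anything on the allow-list; it is not a statement that the domain is safe.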
Tips to protect yourself from typosquatting
Never click on an unknown link on social media sites.
Check domain names before clicking on them. Check whether the domain is missing a letter or contains extra words, incorrect spelling, etc.
For added security, always bookmark websites that you visit frequently.
Never click on links in unexpected emails, text messages or chat messages.
If in doubt about the real domain of a website, go to a trusted search engine and search for the website to access it.
Use voice recognition software to access popular URLs.
Last but not least, it is advisable to have genuine antivirus software that always protects your system from such attacks.
Article first published: Thursday, May 5, 2022, 7:33 p.m. [IST]