URL hijacking explained: what typosquatting (URL hijacking) is and how to protect against it

Typosquatting is a type of cyberattack in which attackers try to trick internet users with a fake website whose URL is similar to the real one but contains a “typo” or other error in the address. Users who type a web address without paying attention to what they are typing are potential victims of such an attack, as they are tricked into visiting a malicious website. They can also reach these websites through phishing links sent to them.
In such an attack, once the user lands on the malicious site, the attackers have several ways to cause harm. They could steal banking credentials, or generate revenue, since these bogus sites can serve as landing pages for various forms of advertising. Businesses are also affected by URL hijacking, because they lose customers this way.
Typosquatting is also known by other names, such as URL hijacking, fake URLs, domain mimicry, or sting sites.
Cybercriminals start a typosquatting campaign by purchasing and registering a domain name that is a misspelling of the domain of an e-commerce site, a bank, or another popular or important site. They may register multiple domain names to increase their chances of scamming unsuspecting people. They then design the pages of the fake website to mimic the real one, so that customers won’t find anything fishy when they accidentally land on it.
For example, the actual website URL could be shopbooksonline.com. A typosquatted variant of the same could be shop-books-online.com or shopbooks-online.com or shpbooksonline.com or shopbooksnline.com. Another example could be google.mailpk.com (fake) when all you want to do is go to google.com.
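The variants listed above fall into three patterns: added hyphens, a one-character slip, and the real name used as a subdomain of an unrelated domain. The following added example (not part of the original article) shows how a mail or proxy filter could flag each pattern against a list of known-good domains; the `LEGIT` list, the function names and the "last two labels" shortcut for the registrable domain are assumptions made for illustration.

```python
# Added example: flag hostnames that imitate a domain on a known-good list.
LEGIT = ["shopbooksonline.com", "google.com"]  # assumed allow-list (from the article's examples)

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[len(a)][len(b)]

def classify(host, legit=LEGIT):
    """Return (verdict, imitated_domain) for a hostname."""
    labels = host.lower().rstrip(".").split(".")
    # Assumption: the registrable domain is the last two labels. Production
    # code should consult the Public Suffix List (e.g. for .co.uk).
    reg, subdomains = ".".join(labels[-2:]), labels[:-2]
    if reg in legit:
        return ("legitimate", reg)
    for good in legit:
        if reg.replace("-", "") == good:
            return ("hyphen-variant", good)       # shop-books-online.com
        if edit_distance(reg, good) <= 1:
            return ("near-miss", good)            # shpbooksonline.com
        if good.split(".")[0] in subdomains:
            return ("brand-in-subdomain", good)   # google.mailpk.com
    return ("unknown", None)

if __name__ == "__main__":
    for h in ["shop-books-online.com", "shopbooks-online.com", "shpbooksonline.com",
              "shopbooksnline.com", "google.mailpk.com", "www.google.com"]:
        print(h, "->", classify(h))
```

A verdict of "unknown" only means the hostname does not resemble anything on the list; it says nothing about whether the site is safe.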
How to protect yourself from Typosquatting or URL hijacking
  • Be very careful when clicking on links that are part of unknown/suspicious emails, online chats, text messages, etc.

  • Do not click on any links on social media or unknown websites if something seems out of place.

  • Before clicking a link, hover your mouse over it to see the URL of the website it leads to, and check that URL for typos.

  • Bookmark your frequently visited sites to avoid typing the URL every time.

  • Do not open email attachments from unverified sources.

  • If you have to type a website address, go to a trusted search engine first and enter the address there. Do not type it directly into the address bar.

  • If you think you have somehow landed on a fake website (assuming you realized it before entering sensitive details there), immediately close the browser.

  • Invest in a paid antivirus solution for your devices to minimize the risk of such cyberattacks.
