We’ve all misspelled web addresses when typing them into our browsers. Cybercriminals take advantage of such typos by using a technique called typosquatting to mislead consumers into believing that a typoed web address is the real deal.
Here’s how it works. Criminals register web addresses that are common misspellings of real websites – say, “Gooogle” instead of “Google” or “Microtoft” instead of “Microsoft.” Then they make the phony website look legitimate, down to identical logos and icons.
One goal is to trick the hapless consumer into giving away their username and password. The criminals also may try to sell goods and services similar to the typoed brand.
In the case of tech companies, the typoed website may lead to a tech support scam, in which the criminals try to entice the consumer into installing remote control software on their computer so they can steal passwords, credit card numbers and other valuable data. The typoed address lends credence to the scam.
If you’re not paying close attention, you might not realize you’re on the wrong site.
Typosquatting can result in malware on your computer. You don’t even need to click on anything. Visiting the malicious site is enough, even if you close the page right away.
Phishing scams also use typosquatting. A scam phishing email message may direct you to a typoed site. Both the phishing message and the fake site look so realistic that you might not realize there’s a typo in the address bar.
Another form of typosquatting involves registering typoed sites that pretend to be search engines but serve you sponsored links instead of actual search results.
This generates ad revenue for the typosquatter. Some typoed sites use a combination of these techniques to trick users.
Companies and their brands can be negatively affected by typosquatting. If you have a business and a typosquatter registers a domain similar to yours, they can drain away your audience, which can reduce your traffic and search engine rankings.
Some typoed sites end up ranking higher in search engine results than the legitimate ones!
It might seem wise to avoid typosquatting by clicking on a link rather than typing an address, but it’s trivial to fake a link that looks like it goes one place when it really goes somewhere else – typically a malicious or malware-laden site.
Phishing scams rely on this trick and many others, which is why security experts advise people to type in addresses rather than clicking on links. But because of typosquatting, it also is important to make sure typed addresses are spelled correctly.
It can be difficult to distinguish a fake website from the real one. Always look at the address bar (where the URL or address is) and make sure it’s not mistyped. You also can use web browser extensions (also known as plug-ins) to detect unsafe websites.
Many antivirus companies, such as BitDefender, Avast and McAfee, offer browser protection. As with any antivirus product, make sure to use an extension from a well-known, reliable developer, as there are plenty of fake extensions out there that pretend to be security solutions.
• Triona Guidry is a computer specialist and freelance writer. Her Tech Tips blog at www.lightningtechsupport.com offers help and advice for Windows and Mac users.