On what seems to be a normal day, you open up your web browser and type in the URL of the website you want to visit. But suddenly, your PC starts serving rogue advertisements, malware, and phishing sites. What happened?
Typosquatting, a URL hijacking technique that’s been gaining popularity among cybercriminals, takes advantage of such errors. There are many ways you may fall prey — here's what you need to know.
How does it work?
Typosquatting involves registering a domain that imitates a legitimate website (e.g., Google.com, Microsoft.com) so users don't notice that they're on a different website. This is done to install malware on victims' computers or launch phishing attacks.
So if a typosquatter wants to target Gmail, they might register the domain “Gmsil[.]com” because the S key is close the A key on the keyboard, and the attackers know that it's easy for users to mistype S instead of A. And should users type in Gmsil.com instead of Gmail.com, they will then use the fake Gmail site, thinking they're on the right page.
The typosquatters will then obtain the login credentials of the users who mistyped the URL, enabling them to access the account and steal confidential data such as personally identifiable information (PII), financial data, login credentials, and business secrets.
How is typosquatting dangerous for my business?
While your business should beware of the typosquatting tricks employed by cybercriminals, know that your competitors may also resort to this dirty technique to sabotage your business.
For instance, if your retail store's domain name is “Fairpricestore[.]com”, a competitor may try to drive away your customers by registering a similar-looking domain such as “Dairpricestore[.]com” or “Fairoricestore[.]com”. If customers don’t notice this typographical error, they might mistake the malicious page for your website.
How can I protect my business from typosquatting?
Carefully check the URL of the website you want to visit before pressing Enter.
Look for a lock icon on the browser’s address bar as this guarantees the legitimacy and security of a website. If a website is running under “http://” and not “https”, web browsers will typically warn the user that the page they are visiting may not be safe.
Here are a few best practices that you can use for your business:
#1. Register your trademark
By registering a trademark, you can easily lodge a Uniform Rapid Suspension (URS) complaint with the World Intellectual Property Organization (WIPO) if you believe that a domain name is maliciously being used against your business.
#2. Secure multiple variations of your domain
To avoid possible instances of your competition typosquatting your website, you can take precautions like registering multiple spellings of your domain. Register variations that include acronyms, typographical errors, hyphens, and other possible ways that a user may enter your domain name. For instance, Facebook owns the domain name “Faceboook[.]com” and “Facebok[.]com.”
#3. Renew your domain regularly
Be mindful of your domain name's expiration date. Failing to renew it on time might make it easy for cybersquatters to grab your domain and force you to spend an exorbitant amount of money to get it back.
#4. Use antivirus software
Antivirus software, which typically comes with URL checking tools, checks if a website is safe to visit. Antivirus software immediately blocks malicious codes in the website and prevents the page from downloading malicious code and showing rogue ads.
Your business needs the best protection from cyberthreats. INFINIT can help. Our INFINIT Shield managed security solutions provide proactive maintenance and 24/7/365 cyberthreat protection so your data stays safe and your business reputation is intact. Don’t let issues like typosquatting ruin your company. Get your FREE security assessment today.