Typosquatting is a method hackers use to trick you. Attackers can use typosquatting to trick you into visiting a website (so they earn ad revenue at best or steal your data at worst), install malware onto your computer, or combine it with a phishing email. Typosquatting is part of a bigger cybercrime category called cybersquatting. It involves purchasing and using URLs/domain names in bad faith. This can all be very hard for you, the user, to detect. So it’s important to understand what typosquatting is and how to protect your business.
In this article you will learn:
Typosquatting is also known as URL hijacking - basically it involves someone using a URL very similar to the victim’s URL. Examples:
You may think you can spot these sorts of things right away, but they’re not always so obvious. Sometimes we’re in such a rush and accidentally type in the incorrect URL or we don’t pay close attention before clicking a link. Attackers using typosquatted domains exploit these situations.
See the full infographic here: https://www.anomali.com/resources/infographics/typosquatting-more-than-just-a-typo
Although some people may be purchasing typosquatted domains as a joke, or to poke fun at a brand or celebrity, most people involved with purchasing them are not doing so to have fun. They are acting in bad faith and may be trying to do the following:
You’ve probably heard of phishing. Let’s rephrase - we hope you’re aware of phishing scams! Phishing is the #1 cause of data breaches. It’s also one of the most common tactics criminals use to steal data and money.
But you might think you know all there is to know about phishing because you’ve received a few ‘bad’ phishing emails. You know the type: poor spelling and grammar or you were personally contacted by a Nigerian prince! But there are some really, really good phishing emails. Phishing still occurs because it works! Try Google’s phishing quiz to test your knowledge: https://phishingquiz.withgoogle.com/
So what does this have to do with typosquatting? If you combine phishing with typosquatting, the result could be something called spear phishing. This means an attacker is focusing on specific targets - they’re not sending out millions of these generic phishing emails per day.
Attackers who use spear phishing techniques are using background information about you and your company (that they can find on your company website, your LinkedIn profile and more).
They’re using a typosquatted domain to trick you into thinking they are your coworker, boss, client. They use this to their advantage - either to steal money, your data or both. Awareness is the first step - you need to know what type of attacks happen so that you can best protect yourself and your business.
Below is an example of how typosquatting works in real life. It happens, it works and can be devastating for the victims involved.
An RIA -- let's call him John -- was emailing back and forth with a client, as is often the case. Let's call the client Stanley.
Unfortunately, Stanley's email account was hacked. The hacker had FULL access to all of Stanley's emails. The hacker was sitting and watching, waiting to make their move.
Stanley wanted to transfer some money between accounts. As is normal, John emailed him wiring instructions.
What happened next is, unfortunately, becoming quite common.
The hacker saw John's email with the wiring instructions. The hacker immediately sent Stanley a fake email, pretending to be John. He gave Stanley some new wiring instructions to use.
Unfortunately, Stanley didn't call to confirm the new wiring instructions. His money was gone, and couldn't be recovered.
Here's where it gets even scarier, though.
The hacker wanted to make the fake email more convincing.
To do so, the hacker registered a website that looked a lot like John's actual website.
So let's say John's email was "[email protected]".
The hacker might have registered "[email protected]" (with a zero instead of an O). Or maybe "[email protected]" (that's a lowercase L instead of an I). Or even "[email protected]" (it ends with ".co" instead of ".com").
Even if Stanley had bothered to look at the address, it might have been very hard to detect.
Ok, typosquatting is bad, but what can you do about it? Awareness is super important, so be sure to share this article with your coworkers and employees. We’ve listed other ways to protect your business from typosquatting below:
Buy any website domains that could be associated with your company. You probably already own the .com, .net, and .org of your domain name, but you should also register as many of the new domains as you can (e.g., .io, .biz). Do the same if there are common misspellings of your company name. If you own them, someone else can't register them.
Make sure to teach your clients to pick up the phone if they get any "last minute" emails that seem to come from you. Better safe than sorry.
Take the opportunity to remind your clients that they should set up two-factor authentication (2FA) for their email system. And of course you should have 2FA set up too!
The Uniform Domain-Name Dispute-Resolution Policy (UDRP) allows trademark holders to file a case against typosquatters/cybersquatters.
Websites need SSL certificates to verify ownership and keep user data secure. This will help your clients know they’re on the correct website.
Choose a second-level service that scans your email for advanced phishing attacks. Some email services have phishing protection built in, which is great, but a second-level service adds more protection since no email service is perfect. These services automatically check your email for shady business. They put another level of security between you and the big bad world of phishing scams. We use and recommend a service called Proofpoint.
Knowing how to spot a phishing email or typosquatting email can be incredibly difficult. Which is why hackers continue to use these tactics - they work! Check out our other phishing articles and share with your staff and clients:
The Nigerian prince email scams are not around much anymore. They’ve been replaced with highly sophisticated email scams that sometimes involve typosquatting. It’s not always super easy to tell a 0 from an O or an l from an I.
This means we all need to be extra attentive when reading emails. It also means we need as much protection as we can: awareness is not enough! You must communicate with your staff and your clients. And your expenses will increase when adding extra email security or purchasing additional domain names. But these steps are necessary to protect your business.
We're researching running a service for our clients that would look for lookalike domains once a month. If we find one, you'll be alerted so you can start the process of domain takedown and warning clients. Interested? Contact us today.
Have questions or feedback? Please share them in the comments below.
Like this article? Share it!