How Typosquatting Can Compromise Your Company
Internet scams are plentiful and come in various forms, one of which is typosquatting, also called URL hijacking. The term refers to the use of domain names similar to those that online users frequently visit, but with typographical errors included in the URL. For instance, when you accidentally misspell a website’s address in the browser’s address bar, you might be taken to unscrupulous sites that have been created by typosquatters.
The online encyclopedia Wikipedia is no exception to the cybersquatting technique. It’s safe to say that the website’s popularity is what has attracted many typosquatting sites hoping to cash in on users visiting the page. If you type in en.wiipedia.org, for example, you’ll find a site that offers music app downloads instead of the real Wikipedia page.
Cybersquatters operate behind these fake sites for a variety of reasons such as petty exploits, increase of their website traffic, product or service promotion, and identity or data theft.
Typosquatting Techniques
The example above shows how typosquatting occurs, but it’s not all there is. Typosquatters employ a number of methods to deceive unsuspecting users browsing the internet.
- Typo-Generated
In this method, URL hijackers choose their phony domain name based on errors people commonly make when typing website addresses, such as (a) a missing dot, (b) character omission, (c) character permutation, (d) character substitution, or (e) character duplication.
Returning to the Wikipedia example, typosquatter sites may exist under these domain names:
- enwikipedia.org
- en.wikipedi.org
- en.wiikpedia.org
- en.wilipedia.org
- en.wikipeedia.org
Typo-generated models of cybersquatting also include 1-mod-inplace, 1-mod-deflate, and 1-mod-inflate. These schemes involve substituting one to three characters in the legitimate domain name not with just one particular replacement character, but with all possible characters on the computer keyboard. That comes to approximately 3 million possible typosquatted websites from a base of about 900 original ones.
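The five typo models (a) to (e) can be enumerated for a domain you own, which gives a list to check against proxy or DNS logs or to consider for defensive registration. The sketch below is an added example, not code from the original post; the function names, the sample log entries and the choice to treat everything after the last dot as the suffix are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_lowercase + string.digits  # hyphen omitted for simplicity


def typo_variants(domain):
    """Map each single-edit typo of `domain` to the model that produced it.

    Assumption: the registrable suffix is everything after the last dot,
    so only the part before it (e.g. "en.wikipedia") is mutated.
    """
    name, _, tld = domain.lower().rpartition(".")
    found = {}

    def add(candidate, model):
        # Skip the original name, empty labels, and already-classified variants.
        if candidate != name and all(candidate.split(".")) and candidate not in found:
            found[candidate] = model

    for i, ch in enumerate(name):
        if ch == ".":
            add(name[:i] + name[i + 1:], "missing dot")                      # (a)
            continue
        add(name[:i] + name[i + 1:], "omission")                             # (b)
        if i + 1 < len(name) and name[i + 1] != ".":
            add(name[:i] + name[i + 1] + ch + name[i + 2:], "permutation")   # (c)
        for sub in ALPHABET:
            add(name[:i] + sub + name[i + 1:], "substitution")               # (d)
        add(name[:i] + ch + name[i:], "duplication")                         # (e)
    return {f"{variant}.{tld}": model for variant, model in found.items()}


def flag_lookalikes(observed, protected):
    """Return the observed domains that are single-edit typos of `protected`."""
    variants = typo_variants(protected)
    return {d: variants[d.lower()] for d in observed if d.lower() in variants}


# Constructed sample: domains as they might appear in a proxy or DNS log.
OBSERVED = ["en.wikipedia.org", "enwikipedia.org", "en.wikipedi.org",
            "en.wiikpedia.org", "en.wilipedia.org", "en.wikipeedia.org",
            "intranet.example"]

if __name__ == "__main__":
    for domain, model in flag_lookalikes(OBSERVED, "en.wikipedia.org").items():
        print(f"{domain:22} {model}")
```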
- Homograph Attacks
This technique exploits the visual similarity of letters or characters that users find to be confusing such as how a letter in serif type would look similar to another sans-serif letter or character.
Think of your i’s, l’s, and 1’s. See? Some would probably have to take a second look at them to distinguish one from the other clearly.
- Bitsquatting
Unlike typo-generated errors, bitsquatting pertains to random bit errors generated by computers, which hijackers exploit to redirect connections away from original domains to their fraudulent sites. Bitsquatting domains are likely to attack infected systems with excessive ads and distribution of malware.
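To see which names a single bit error can turn a domain into, the added example below (not part of the original post) flips each bit of each character and keeps only results that are still legal hostname characters. The function name is hypothetical, and it assumes only the part before the last dot is examined.

```python
import string

HOST_CHARS = set(string.ascii_lowercase + string.digits + "-")


def bitflip_variants(domain):
    """Return hostnames that differ from `domain` by exactly one flipped bit.

    Assumption: only the part before the last dot is examined, and flips
    that would create or remove a dot are not modelled.
    """
    name, _, tld = domain.lower().rpartition(".")
    variants = set()
    for i, ch in enumerate(name):
        if ch == ".":
            continue
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit)).lower()  # DNS names ignore case
            if flipped not in HOST_CHARS:
                continue  # result is not a legal hostname character
            candidate = name[:i] + flipped + name[i + 1:]
            labels = candidate.split(".")
            if candidate == name:
                continue  # only the letter's case changed: same domain
            if any(l.startswith("-") or l.endswith("-") for l in labels):
                continue  # a label may not begin or end with a hyphen
            variants.add(f"{candidate}.{tld}")
    return variants


if __name__ == "__main__":
    for variant in sorted(bitflip_variants("en.wikipedia.org")):
        print(variant)
```

Note that en.wilipedia.org from the typo list is not in this set: "k" and "l" differ by three bits, so a keyboard slip and a bit error produce different candidate lists.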
- Soundsquatting
As the name suggests, this ploy capitalizes on words that sound similar to one another but have different meanings, in the same way that people misuse homophones. It is, thus, possible for thousands of soundsquatters to evolve from a number of target domains.
- Typosquatting Cross-site Scripting
When a developer makes a typing mistake in a domain name in the HTML pages or JavaScript code of a website, the mistyped domain may be registered and used by an attacker, opening up an IT security risk to the site that includes the script. Then, every unsuspecting user visiting the page containing the typo will be vulnerable to malicious code sitting on the attacker’s site.
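A build or review step can catch this kind of mistake by comparing every external script host on a page with the hosts the site is meant to load from. The following is an added example, not code from the original post; the function names, the allowlist, the distance threshold and the sample page (which uses the reserved .example suffix) are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance; two swapped neighbouring letters count as 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class ScriptHosts(HTMLParser):
    """Collect the host of every <script src=...> that names one."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            host = urlsplit(dict(attrs).get("src") or "").hostname
            if host:  # relative paths have no host and stay on the site itself
                self.hosts.append(host)

def audit_script_hosts(html, allowed, max_distance=2):
    """Label each external script host: ok, lookalike of <host>, or unlisted."""
    parser = ScriptHosts()
    parser.feed(html)
    report = {}
    for host in parser.hosts:
        near = sorted(a for a in allowed if edit_distance(host, a) <= max_distance)
        if host in allowed:
            report[host] = "ok"
        elif near:
            report[host] = f"lookalike of {near[0]}"  # probable typo: fix the page
        else:
            report[host] = "unlisted"                 # unknown third party: review
    return report

# Constructed sample page and allowlist.
ALLOWED = {"cdn.widgets.example"}
SAMPLE_HTML = """
<script src="https://cdn.widgets.example/app.js"></script>
<script src="//cdn.widgest.example/slider.js"></script>
<script src="/js/local.js"></script>
<script src="https://static.partner.example/t.js"></script>
"""
```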
Avoid Being Duped by Typosquatting
As long as you follow these basic preventive measures, you should be able to keep typosquatting at bay and eliminate risks to your business:
- Bookmark sites that you often visit. Convenience-wise, it saves you the extra trouble of typing the URL each and every time. Security-wise, you get the assurance that you’re navigating to the target site.
- Use authoritative search engines to look for a particular website instead of relying on guesswork where human error may be at play.
- In cases where you launch a web page from a new browsing session, double-check that you have landed on your intended site before entering your username and password credentials.
- Never open emails with suspicious content, links, or attachments that give rise to phishing scams.
- Subscribe to antivirus solutions and data recovery services, and keep your subscriptions up to date.
- Immediately give feedback to your IT group if you come across typosquatting sites in your browsing activities, so firewalls and other security solutions may be reinforced.
- Consider using defensive domain registrations, which involve registering all possible typo variations of your site to prevent hijackers from gaining control of them, and redirecting users from those variations to your original domain.
There’s a potent threat being posed by typosquatters lurking out there. They are just waiting for an honest mistake from someone in your organization and will track your security measures or lack thereof to launch their willful attacks.
Proper education and a culture of vigilance and readiness among end-users are the best defense to keep cybersquatters off track.
This guest post was submitted by Vlad de Ramos from the Philippines. Vlad has been in the IT industry for more than 22 years with focus on IT Management, Infrastructure Design, and IT Security. He is also a professional business and life coach, a teacher and a change manager. He has been focused on IT security awareness in the Philippines. He is a certified information security professional, a certified ethical hacker and forensics investigator and a certified information systems auditor.