Do you remember all those times when you’ve accidentally mistyped a URL and ended up on a suspicious website? Apparently, creating sites that resemble popular services is a common practice to scam people. So what is typosquatting, and how can you protect yourself online?
Typosquatting (also known as URL hijacking) is a type of social engineering attack that targets users who type a URL incorrectly. Let’s take “website.com” as an example. You can accidentally type weebsite.com, wbsite.com, or even website.net by mistake.
Bad actors often register domain names that mimic well-known brands to trick users into thinking that they're on a legitimate site. They can copy the structure and design of an original website, so everything would look as it should. There are two main reasons behind typosquatting attacks:
From a business perspective, a domain typosquatting can seriously damage your company’s reputation and steal a significant amount of your traffic. If a customer gets scammed while trying to access your website, next time they can choose a different service provider.
You accidentally end up on a fake website and purchase something, but your items never arrive.
As the name suggests, imitators portray themselves as legitimate sites and intend to steal your personal information. Companies track imitators and try to shut them down as soon as possible, but it can take a while to do that.
After misspelling a URL, you might find yourself on a website that offers you to buy this domain (and similar domains too). These types of websites can also contain ads that generate revenue for their owner.
Some websites store malware and intend to infect your system. In rare cases, it’s even possible to get malware just by simply visiting a malicious website.
These types of websites ask customers for feedback or give them something for free, while trying to steal their sensitive information.
A fake website redirects traffic back to the original site in order to receive commission. However, brands closely track who they’re paying money, so usually these kinds of scams don’t last long.
Goggle.com is probably one of the most well known examples of typosquatting, which gained notoriety in 2006. After accidentally loading this bogus website, users were bombarded with ads and viruses. At that time, many computers lacked proper protection from malicious programs, so Goggle.com infected thousands of devices.
Agar.io is a multiplayer online action game, which caught the attention of typosquatters in 2015. They created a website called agor.io which intended to scare users by making metallic sounds, changing colors, and showing an image of Jeff the Killer. The agor.io jumpscare website was taken down the same year, but it certainly caused panic among gamers.
Always double-check a URL. If you’re not sure how to spell a website’s name correctly, use search engines to access the legitimate site. Before pressing Enter, inspect a domain name, and make sure you didn’t leave any typos.
Never click on suspicious links in emails. Since criminals often use phishing attacks to redirect users to fake websites, never click on links in your email before closely inspecting them first. Look for grammar mistakes and a sense of urgency. You can also hover over a link to see where exactly it is going.
Bookmark your favorite websites. It’s not a bad idea to bookmark all your favorite sites, so you won’t need to type a URL every time.
Use a VPN. A virtual private network encrypts your traffic and hides your IP address, improving your online security. NordVPN has the Threat Protection feature, which blocks websites known for storing malware. With one NordVPN account, you can protect up to six devices: laptops, tablets, smartphones, and more.