URL hijack
(also URL hijacking, typosquatting)
URL hijack definition
A URL hijack involves tricking users into visiting and browsing websites with malicious content or malware. Specifically, attackers take advantage of common typos or misspellings that users make when typing in the URL of a legitimate site. Then, instead of visiting the actual intended website, users are redirected to fake sites the attacker set up by registering domain names similar to the original site name.
These fake websites are designed to give the same feel or look as the legitimate site so that users cannot tell the difference. This way, attackers can trick them into providing sensitive information, with the users thinking they are giving it to a legitimate site. Additionally, attackers use URL hijacks as a way to sell counterfeit or similar products to the ones the legitimate website sells.
URL hijacks can also do some serious damage to a brand’s reputation because if a customer gets scammed while trying to buy a product or service from a legit business, they will go to a competitor the next time they need the same goods.
See also: typosquatting, DNS hijacking
Protecting against a URL hijack
- Get an SSL certificate.
- Register multiple top-level domains and ones that contain common spelling typos.
- Regularly look out for scam sites and shut them down.