05.08.23

Typosquatting: hacking techniques are getting more complicated

Are you sure that site is legitimate?

As time goes on, it would seem that hacking techniques are getting more complicated. The defenses designed to protect against these campaigns are becoming more advanced, so it stands to reason that the attacks themselves would progress as well.

While this is certainly true in many respects, many hackers find that the simplest of scams are the most effective. Perhaps the best example of this is typosquatting.

What is typosquatting?

Hackers know that many people surf the web quickly and without much awareness. Therefore, scams such as typosquatting are set up to take advantage of this. Essentially, typosquatting is where a hacker will set up a website that is meant to mimic a well-known organization.

For example, somebody who’s quickly trying to access Google.com might accidentally enter Gooogle.com without even realizing it. If someone had registered that name and has the desire to trick people, they could very easily recreate Google’s logo on this fraudulent website.

Of course, there are laws like the Anti-Cybersquatting Piracy Act that are designed to litigate against these kinds of shenanigans. However, laws very rarely stop hackers in the act and are really created in order to prosecute illegitimacy after the fact.

Hackers don't have respect for the law. Hackers aren’t known for their ability to follow the rules.

What’s the worst that can happen?

Individuals who engage in typosquatting have a wide range of end games. To begin, many of these scams are simply meant to draw people in with fake news stories in order to create advertising revenue. People are more likely to view a story posted by a reputable source, so many fraudsters will post an unbelievable article on a site that looks like it’s been written by a reputable news organization.

While that’s certainly a dishonest way to make a quick buck, it’s only the beginning of the troubles that arise from typosquatting. The more sinister goal is often to get personal information from individuals who are unlucky enough to find the fraudulent website.

“Many typosquatting schemes are simply covers for phishing operations.”

As USA Today pointed out, many typosquatting schemes are simply covers for phishing operations. An individual may be drawn in by a wacky news story or a great deal from a retailer, only to be met with a survey asking about private information. The web surfer may think they’ll be receiving some sort of discount or prize, but they’re actually giving a hacker everything he needs to compromise their identity.

Finally, it is important to note that many typosquatting sites have malware riders hidden within them. This means that anyone who visits them could potentially have malware downloaded onto their machine.

What can you do to avoid typosquatting?

Thankfully, avoiding typosquatting is pretty easy if you’re willing to put in the effort. Regardless of what you’re doing on the internet, you should always intensely investigate any link that you want to click. This means ensuring that everything is spelled correctly, but it should also involve putting quotation marks around a URL and plugging it into a search engine to see if it’s legitimate.