How many times have you typed a wrong internet address into your web browser? It must have happened to you at least once. Maybe instead of “Facebook” you typed “Fcebook” while rushing to access your Facebook profile?
You’d think that such an honest mistake doesn’t cost you anything. After all, you do no harm. But with all the cybercriminals out there looking for new opportunities to make some easy money, mistyping the name of a popular website might cost you your internet security.
If you mistype the address of a website into your browser, you could end up on a malicious website. Once landed, you might get tricked into downloading malicious software to your computer or handing over personal information, such as credit card details. Cybercriminals set up these fake websites, hoping to “capitalize” on your mistakes.
What is typosquatting?
The fraudulent web practice mentioned above is called “typosquatting”. It is a form of cybersquatting, an illegal web practice also known as “domain” or “URL squatting”. The US and other countries even have a law against it. In the US it’s called “the Anticybersquatting Consumer Protection Act”.
Cybersquatting basically refers to the action of registering, trafficking in, or using the name of an existing website to profit from the goodwill of a trademark that belongs to someone else.
Sometimes, the ill-intended third-parties behind this kind of fraud – cybersquatters – register misspelled versions of popular trademarked names that coincide with common misspellings made by web users. In such cases, if you happen to type one of those versions into your browser, you’re directed to their site (for example: www.example.com may be used as www.exmple.com). At this point, your internet security might be greatly compromised. This is typosquatting and has happened with popular brands like: Twitter – www.twtter.com, Wikipedia – www.wikapedia.com, Craiglist – www.craigilist.com, Apple – www.pple.com, Google – www.goole.com and more.
What do typosquatters want?
- Compete with the popular sites in question for web traffic and earn money through advertisements; in this case, typosquatters are not putting at risk your internet security, but they are taking advantage of your good faith. Their real victims are the companies whose names are used as bait.
- Trick you into downloading spyware or other type of malware to your computer. If you don’t have proper antivirus protection, they might breach your internet security. For example, once you get on the respective site, a pop-up window might warn you that your computer is infected and urge you to download an antivirus program they provide. If you fall for the scam, what you actually download is malware.
- Get hold of your personal information – usernames, passwords, credit card details, as part of a phishing scam. The site you land on might offer you fake discounts or giveways, in exchange for your personal details.
- Direct you to adult, dating sites, or other sites you had no intention of visiting.
How to avoid typosquatting dangers:
- Be very careful with what you type in to your web browser. Always type in the correct names of the sites you want to visit and make sure your kids do the same. You don’t want them ending up on dating sites or downloading some form of malware that can compromise your entire family’s internet security.
- When you’re not sure of the correct spelling of the website name, do not type it in the browser address bar directly. Use a trusted search engine instead, like Google, Bing and Yahoo!, to get a thorough list of search results. In this case, it’s best you have an effective Safe Browsing tool, like the one in BullGuard Internet Security 12, to flag out phishing, virus-infected and other types of malicious websites.
- Get a genuine and comprehensive internet security suite to protect you from phishing attempts, viruses, spyware and other types of malware. BullGuard’s internet security software comes with a dual antivirus engine that spots known and yet unknown malware, as well as an antiphishing tool and a bunch of other cool internet security features.