Cyber Security Solutions, Compliance, and Consulting Services - IT Security

We offer It security management, data, network, & Information security services for protecting information & mitigating security risks to your organization.

What is Typosquatting and How to Stay Safe

Typosquatting is a new method of cyber attack used by cybercriminals to steal critical information from your system, blackmail you, rip you off your hard earned money and infect your system with malware. Typosquatting has to do with spelling. Yes, that’s true. Spelling does matter. When you type a web address into your browser while surfing online, even a minor misspelling may land you in trouble.

In case you have typed in a web address and found yourself on a website that is not the one you planned to land on, you may fall a victim to typosquatting, which is also called URL hijacking. Cybercriminals often put up a website address similar to a popular website with the hope of getting traffic that is actually intended for the genuine website.

The typosquatting websites basically depend on the minor spelling mistakes people make while typing in a web address. For example, you may end up typing S instead of T or skip the O in .com. According to a recent study, there are hundreds of websites that are registered as popular websites, with the domains ending in .cm instead of .com. These websites basically impersonate the real websites. Some example of typosquatting addresses includes chase.cm and citicards.cm.

These websites run promotions and surveys to gather your personal information. In the past, typosquatting was used to steal the genuine website’s traffic, today this practice has been even more sophisticated. The copycat websites aim to steal your banking information by impersonating a financial institution’s website and steal your credit card information by acting similar to a popular e-commerce store.

So, how can you stay safe in the face of typosquatting? Here are some tips for you:

  • When typing a website address in a browser or a search engine, you must be extremely careful and be certain you have typed in the address correctly.
  • In case you are visiting a website where you may provide your personal or financial data, make sure to look for the lock symbol at the upper left corner of the bar where you type in the address. The lock symbol denotes that the website used cybersecurity techniques like encryption to make sure your data is secure. If you don’t see the green lock symbol, exit the website immediately.
  • You must be suspicious of a site that has low-quality images, graphics or has typos and grammatical mistakes. These are signs of typosquatting. As professional and real website will never have such mistakes.
  • When you visit the genuine website and think you will need to visit in future as well, you must bookmark the website. You will land on the same site every time you make an attempt.
  • When you get emails with links, do not click on them unless you are sure they are from legitimate sources.
  • Make sure to install trusted antivirus on your system and use tools like McAfee WebAdvisor that can notify you about risky websites in search engine results.