Typosquatting: The Hidden Security Threat

• in categories: advice • by: Michelle Balestrat

Gooogle, Yahaoo, Facbook…

See what we did there?

A cluster of safety pins spells out 'WWW' on a green background.

Typing errors happen to the best of us. When it comes to typing a website’s address incorrectly, most of the time you’ll know immediately: ending up with an error page, or a parked domain page full of irrelevant advertising.

However, you might also be led to a site that looks exactly like the one you wanted to visit. It’s this last possibility, known as ‘typosquatting’, that poses the biggest threat to your privacy and Internet security.

Using this false domain, a hacker may create a fake website that is an exact or near replica of the site you intended to visit. You might assume you’ve been redirected, or not even realise your error.

These sites tie in directly with the practice of phishing: fraudulently attempting to coax you into entering your login details for an official site by using a hacker-run ‘copy site’. Commonly, you’re led to phishing sites by an urgent-sounding email message. (Take a look here for more info on phishing, and how to spot an attempt).

Common targets of typosquatting attacks are typically the large, high-traffic sites we visit daily: banking, social networks and shopping or auction sites. For example, thieves recently attempted to phish for Google Docs accounts by ‘squatting’ on the official-sounding domain, googledocs.info.

Think a wrong turn isn’t a big deal? After all – can’t you simply hit your browser’s ‘back’ button? That’s not quite true, as these counterfeit sites may also expose you to keylogging or ransom malware, simply by loading the page (a phenomenon known as the ‘drive-by download’).

So, how can you protect yourself from this little-heard threat? Here are our top tips:

##Check the spelling of each web address carefully. ## This one is a bit obvious, yet so often overlooked. As we’ve seen, a simple typo might just send you to a high-risk imitation of where you wanted to be.

If you find you’ve landed on a typosquatted site, do your part and immediately report it to Google.

##Don’t follow links inside emails, text messages or on social media. ## Visit the site yourself to ensure you’re going where you intended. Subtle errors in a domain name might fool your eyes, so change your habits to avoid being taken by surprise.

##If you use Google Chrome, take a look at your privacy settings. ## Users of this popular browser rejoice! Chrome includes a few hidden features to make typosquatting less likely.

Visit chrome://settings and go to Settings on the left hand side. Click on Show advanced settings, and navigate to Privacy. Under this heading, you can select a number of security enhancements.

To help stave off typosquatters, it’s a great idea to enable the checkboxes for “Use a web service to help resolve navigation errors” and “Use a web service to help resolve spelling errors”. These tools can help you avoid the spelling blunders that might lead you astray.

##Use bookmarks or favourites## No matter which browser you use, bookmarks (also called favourites in Internet Explorer and Edge) can save you a lot of hassle. Save your frequently-visited sites (for example, Facebook and your bank) in your ‘Bookmark Toolbar’, so a single click can take you straight there, without any detours.

This will save you from the risk of typing errors… not to mention make your life a whole lot easier!

Boost your breach protection!

Email Watchdog

Guard your online accounts.
  • 10 and 50 email packs available.
  • Detailed breach notifications.
  • Watchdog Update email newsletter.
  • Priority email support.
Learn More

Business Watchdog

Protect your company’s accounts.
  • Protect all email addresses in your domain.
  • Detailed breach notifications.
  • Exclusive access to your domain’s breach status.
  • Watchdog Update email newsletter.
  • Priority Email Support.
Learn More