Domain Typo Squatting

I would like you to take a look at the following web address:

What do you see?

Do you see microsoft.com? You would be very wrong if you did. Zoom in on the above picture. This address is actually RNICROSOFT.COM and not the address you first thought of.

UNDER NO CIRCUMSTANCES GO TO ANY OF THE ADDRESSES QUOTED IN THIS ARTICLE – I CANNOT GUARANTEE YOUR SAFETY.

This is an example of what is called ‘Domain Typo Squatting’.

This is a typical approach hackers use to trick you into visiting what you think is a legitimate website when in fact it isn't. The site will in all likelihood be a clone of the real one (a believable clone, since it will probably have been produced with freely available website-cloning software). It will ask you to log in, thereby handing your login details for the genuine site to the hackers. You will then probably be redirected to the genuine site with an error (e.g. "invalid password"), log in again successfully and think no more of it. At this point, however, the hackers hold a working set of login details for your account on that site.

This trick is currently being used to lure voters in the US to fraudulent election websites.

Popular sites or keywords are commonly targeted by domain typosquatters, who deliberately register misspelled domain names in order to funnel visitors to their own products, scams or malware. This is particularly dangerous when the site being imitated is a banking website, or any site where you have recorded financial details (e.g. shopping sites) or personal details (e.g. comparison sites).

It is very easy to mistype a web address and arrive at a totally unexpected website. Many years ago I was looking for something connected to the US White House. I went to whitehouse.com and ended up at a website of 'The First Ladies of the Internet', which was a soft porn site – it has long since been disbanded. The correct address for the White House is whitehouse.gov, but this might not come up as the first option in a search. For example, whitehousehotel.com might come up.

There are various types of Domain Typosquatting:

  • Misconfigured or illegitimate typosquat domains are ones that have not been properly configured and show directory indexes or HTML error messages. Also in this category are sites that promote content related to the domain name, but not necessarily for the benefit of the organisation whose name is being imitated.
  • Non-malicious typosquat domains are ones that are not designed to hurt the brand of the company. There are even examples of helpful typosquats that warned the user they were at the wrong domain and provided a link to the correct one.
  • Redirects, which are unfortunately the most common. These sites redirect the visitor to scam sites, unwanted or fake Chrome and Firefox browser extensions, fake program updates that install malware, or tech-support scams.

Researching the owners of these fraudulent domains has become harder since the introduction of the GDPR regulations in the EU, because of the resulting changes to the venerable WHOIS system: registrant contact details that used to be public are now largely redacted.

How do I get round this?

You need to adopt a no-trust policy!

If you receive an email, IM or other message purporting to come from a website you use, for example asking you to re-authenticate or making you an unbelievable offer, then TAKE 5 minutes to check it out:

  • Never click on any links you receive from an unauthenticated source, even if the message appears legitimate
  • Hover over links with your mouse, or long-press if you are on a smartphone, to see the real destination address before deciding whether the site is legitimate
  • Engage brain and ask yourself whether this is a genuine message
  • Visit the site in question via a trusted bookmark, not by clicking on the link in the message.

If it is legitimate, then:

  • the website will challenge you to re-authenticate when you next log in if there has been a problem with your account
  • the offer will be in a secure message in your inbox on the site, or it will be displayed as a welcome message
  • any unauthorised-access challenges will be made as you log in
  • etc.

For websites you regularly visit, I recommend saving a bookmark in your web browser and always using it to access the site. This removes the possibility of mistyping the web address. If you sign in to the browser, your bookmarks should sync between devices.

Signing in to web browsers is another issue that I will be writing about soon, as it is not always the best policy.

If you are a business, registering the common variants of your domain (e.g. .com, .biz, .me, .info), including the likely misspellings, and redirecting them to your legitimate website will greatly reduce this risk for you. You cannot register every possible variant, but you can take the most obvious ones off the table, which will also help to minimise any tarnishing of your brand's reputation.

Organisations should also monitor new domain registrations for illegitimate look-alikes of their domains and attempt to have them taken down. There are subscription services that offer this kind of domain monitoring.
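As an added example (my own code, not part of the original article or of any monitoring product), the following Python script does two things the article talks about in prose: it generates the misspelled and look-alike variants of a brand domain that a business would want to register or watch, and it applies the "hover over the link and look at the real address" check in code, including the RNICROSOFT versus MICROSOFT trick from the top of the page. The confusable-character table, the alternative TLD list and the sample links are assumptions constructed for the example; the script generates single-edit variants only (it will not produce, say, micros0ft.co), uses a naive "last two labels" rule in place of the Public Suffix List, and makes no network connections at all.

```python
"""Typosquat candidate generation and a 'what is the real host?' check."""
from urllib.parse import urlsplit

# Character sequences that look alike in many fonts. "rn" vs "m" is the case
# from the article; the rest are an illustrative set (an assumption, not a
# complete confusables table, and ASCII only: Unicode/IDN homoglyphs are out
# of scope here).
CONFUSABLES = {
    "m": ("rn",), "rn": ("m",),
    "l": ("1", "i"), "i": ("l", "1"),
    "o": ("0",), "0": ("o",),
    "w": ("vv",), "vv": ("w",),
}

# Alternative TLDs worth registering or watching: the article's .com/.biz/
# .me/.info suggestion plus common mistypes of "com" (assumed list).
ALT_TLDS = ("com", "co", "cm", "om", "net", "org", "biz", "info", "me")


def typosquat_variants(domain):
    """Return the registrable-domain variants a squatter is likely to register
    for `domain` (e.g. 'microsoft.com'), sorted for stable output."""
    name, _, tld = domain.lower().rpartition(".")
    names = set()
    for i in range(len(name)):                      # omission:      micosoft
        names.add(name[:i] + name[i + 1:])
    for i in range(len(name) - 1):                  # transposition: mcirosoft
        names.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for i in range(len(name)):                      # repetition:    microssoft
        names.add(name[:i] + name[i] + name[i:])
    for src, reps in CONFUSABLES.items():           # homoglyph:     rnicrosoft
        idx = name.find(src)
        while idx != -1:
            for rep in reps:
                names.add(name[:idx] + rep + name[idx + len(src):])
            idx = name.find(src, idx + 1)
    names.discard(name)
    variants = {n + "." + tld for n in names}
    variants.update(name + "." + t for t in ALT_TLDS if t != tld)   # TLD swap
    return sorted(variants)


def registrable_domain(host):
    """Last two labels of a host name. Simplification: production code should
    use the Public Suffix List so that e.g. bank.co.uk is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host, trusted):
    """Classify `host` relative to the `trusted` registrable domain:
    'legitimate', 'typosquat' or 'unrelated'."""
    reg = registrable_domain(host)
    if reg == trusted.lower():
        return "legitimate"
    if reg in typosquat_variants(trusted):
        return "typosquat"
    return "unrelated"


def classify_link(url, trusted):
    """The 'hover over the link' check in code: judge the host the browser
    would actually connect to, never the text the link displays."""
    host = urlsplit(url).hostname or ""
    return classify_host(host, trusted)


if __name__ == "__main__":
    brand = "microsoft.com"
    print(len(typosquat_variants(brand)), "variants to register or monitor for", brand)
    # Constructed sample links for the demo, not real phishing URLs.
    for url in ("https://www.microsoft.com/account",
                "https://login.rnicrosoft.com/reauth",
                "https://micros0ft.com/offer",
                "https://example.org/"):
        print(f"{classify_link(url, brand):<11} {url}")
```

A business would feed the output of typosquat_variants into its registration or monitoring list; an individual (or a mail filter) would use classify_link on every link in a suspicious message, which is exactly what hovering over the link does by eye. The whitehouse.com anecdote above is caught by the TLD-swap rule: classify_host("whitehouse.com", "whitehouse.gov") returns "typosquat".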


Headline image provided by Headway on Unsplash
