Explained: What is Typosquatting? Tips to prevent URL hijacking
Cybercriminals deceive people to click websites that have close resemblances to the actual websites that you wanted to visit.
Have you ever made a minor spelling mistake while typing URLs and landed on some strange websites? Or you clicked a link that looked legitimate website but on clicking, you discovered it is a fake site? This trick to deceive people to land on the malicious site is called typosquatting.
A small mistake on the internet could prove costly these days with internet data usage increasing more than seven holds in the last few years. There are times when people type URLs without paying attention. For example, if you type www.gooogle.com instead of www.google.com, you will end up in the wrong place where there is a high chance of your system being attacked or your sensitive information being stolen.
Often, cybercriminals deceive people to click websites that have close resemblances to the actual websites that you wanted to visit. Without realising that they are on the wrong site, people might type their login ID and password which the hackers might use to steal your sensitive information.
Imagine you have entered your credit card details in the malicious site and that information might be used to steal your money or the money on your card.
How does this work?
Cybercriminals first register the domain names of misspelt URLs. They will book multiple domains that have high chances of misspelling. If the original website is www.buyshoesfree.com, they try to book domains like www.buyfreeshoes.com, www.buyshoefree.com, www.buy-shoes-free.com, etc.
Attackers may also target you by sending wrong website links to your e-mail and text messages. When an unsuspecting user clicks the link their system will be hacked.
Common forms of typosquatting:
Typos, wrong spellings, alternative spellings, wrong domain extension, combosquatting and similar domains.
Tips to Protect Yourself from Typosquatting
Never click an unknown link on social media sites.
Check the domain names before clicking it. See whether any letter is missing in the domain or has extra words, incorrect spellings, etc.
To be on the safer side, always bookmark websites that you frequently visit.
Never click links on unexpected emails, SMS, or chat messages.
When in doubt over the actual website domain, go to the trusted search engine and do a search to land on the website.
Use Voice recognition software to land on popular URLs.
Last but not the least, it is advised to have genuine anti-virus software that always guards your system against such attacks.