15 May We All Make Typos: Why Cyber Criminals Are Counting On It 

Online scams and frauds have become more common than ever before. Phishing, a prevalent tactic used by cybercriminals to deceive unsuspecting users into divulging sensitive information, has taken on various forms. One such form that has emerged in recent years is typo squatting. Let’s delve into what typo squatting is, how it works, and what organizations can do to educate their employees about it.

Typo squatting, also known as URL hijacking, clone phishing or domain spoofing, is a form of phishing attack that capitalizes on human error. It involves the creation of a fake website that closely resembles a legitimate one. The cybercriminals behind this tactic craft a website with a domain name that bears a striking resemblance to a well-known website, but with a small typo or misspelling. For example, if the legitimate website is “www.google.com,” the typo squatted website could be “www.gooogle.com” or www.gogle.com. (Though Google has smartly purchased all of these typo URLs and all lead back to the official www.google.com.)

Once a user mistakenly types in the wrong URL or clicks on a malicious link, they are instantly redirected to the deceptive website. At first glance, the site will appear almost identical to the legitimate one, luring the user into a false sense of security. However, the danger lies within the user being prompted to enter their login credentials, personal data, or other sensitive information. Unbeknownst to the user, their information is now in the hands of cybercriminals who can exploit it for nefarious activities such as identity theft or financial fraud.

Detecting typo squatting can be challenging, as the fake website closely mimics the real one. Nevertheless, there are subtle signs to watch out for. Users should be vigilant about examining the URL for slight differences, checking for poor design elements, or the absence of security features like HTTPS. These indicators can be red flags that raise suspicion and warrant further investigation before entering any sensitive information.

To shield against typo squatting attacks, organizations can adopt several measures to educate their employees about this deceptive tactic.

Firstly, it is crucial to instill awareness of the dangers associated with clicking on suspicious links or downloading files from unknown sources. Employees should be mindful of the potential risks and exercise caution when engaging with unfamiliar websites or resources.

Secondly, organizations should emphasize the importance of double-checking the URLs of any website they visit, especially those that require the input of sensitive information. Encouraging employees to be meticulous in examining the website address can significantly reduce the likelihood of falling victim to typo squatting attacks.

Moreover, organizations can implement training programs that simulate phishing attacks, providing practical lessons on identifying and reporting suspicious emails or links. These training sessions expose employees to realistic phishing scenarios, allowing them to develop the necessary skills to discern genuine websites from deceptive ones. By fostering a culture of heightened awareness, organizations can empower their employees to actively contribute to cybersecurity efforts and minimize the risk of successful phishing attacks.

The Anatomy of a Typo Squatting Hack

Let’s consider an example of the steps a cybercriminal might go through to deploy and leverage a spoofed URL to execute a specific plan, leading to actual harm to a company:

1. Reconnaissance: The cybercriminal starts by researching their target company, identifying potential vulnerabilities, and gaining insights into their online presence. This includes studying the company’s website, social media accounts, and email communications.

2. Domain registration: The attacker registers a domain name that closely resembles the legitimate website of the target company. They deliberately introduce a slight typo or misspelling in the domain to trick unsuspecting users.

3. Website replication: The cybercriminal creates a fake website that mirrors the design, layout, and content of the legitimate company’s website. They ensure that it appears highly convincing, making it difficult for users to detect the deception.

4. Obtaining SSL certificate: To add an appearance of legitimacy, the attacker may acquire an SSL certificate for the fake website. This certificate enables the site to use HTTPS, giving the illusion of a secure connection to users.

5. Phishing lure creation: The cybercriminal devises a compelling phishing lure, such as a well-crafted email or social media message, enticing users to visit the fake website. They may use tactics like urgent requests, enticing offers, or fear-inducing messages to prompt users to take immediate action.

6. Distribution of the phishing lure: The attacker employs various methods to distribute the phishing lure to the target company’s employees or customers. This can include sending mass emails, posting on social media platforms, or using targeted messaging to specific individuals.

7. User redirection: When users interact with the phishing lure, they are redirected to the spoofed website. This can occur through clicking on a link in an email or via a manipulated search engine result. The user is often unaware they have been redirected to a fake site.

8. Credential harvesting: On the spoofed website, users are prompted to enter their login credentials, personal information, or financial details under the guise of a legitimate request. The cybercriminal captures this sensitive information, which can be later used for unauthorized access, identity theft, or financial fraud.

9. Exploitation: With the acquired credentials and information, the attacker can execute their specific plan. This could involve gaining unauthorized access to the target company’s systems, stealing intellectual property, perpetrating financial fraud, or compromising customer accounts.

10. Covering tracks: To maintain anonymity and avoid detection, the cybercriminal covers their tracks by deleting any traces of their activities, obscuring their digital footprints, and possibly using various techniques like encryption, VPNs, or proxy servers.

Real-world examples of phishing attacks resulting from typo squatting:

1. PayPal: Cybercriminals registered a domain called “paypa1.com,” deliberately using the number “1” instead of the letter “l” in “PayPal.” Unsuspecting users who accidentally entered this domain were redirected to a fake PayPal login page where their login credentials were harvested by the attackers.

2. Netflix: In a case of typo squatting, attackers created a website with the domain “netfliix.com,” with an additional “i” inserted. Users who mistyped the URL were taken to the fake Netflix site, where they were prompted to enter their account details and payment information, providing the attackers with access to their personal and financial data.

3. Bank of America: Cybercriminals registered a domain named “bankofamerrica.com,” intentionally replacing the last “a” in “America” with an extra “r.” Users who inadvertently visited this site were presented with a replica of the Bank of America’s online banking login page. The entered credentials were stolen and misused for unauthorized activities.

Summing Up

In conclusion, typo squatting is a phishing tactic that exploits the common occurrence of typographical errors made by users. By creating fake websites that closely resemble legitimate ones, cybercriminals deceive unsuspecting individuals into divulging sensitive information.

Organizations must take proactive measures to educate their employees about typo squatting, including promoting awareness of the dangers, emphasizing the importance of scrutinizing URLs, and implementing training programs that simulate phishing attacks. By equipping employees with the necessary knowledge and skills, organizations can fortify their defenses against typo squatting and reduce the potential for cyber threats.