www.kaspersky.com
4.59.181.140
Public Scan
URL:
https://www.kaspersky.com/resource-center/definitions/what-is-typosquatting
Submission: On March 22 via manual from CA — Scanned from CA
Form analysis
0 forms found in the DOM
Text Content
WHAT IS TYPOSQUATTING? – DEFINITION AND EXPLANATION

TYPOSQUATTING – MEANING AND DEFINITION

Typosquatting is a type of social engineering attack which targets internet users who incorrectly type a URL into their web browser rather than using a search engine. Typically, it involves tricking users into visiting malicious websites with URLs that are common misspellings of legitimate websites. Users may be tricked into entering sensitive details into these fake sites. For organizations victimized by these attackers, these sites can do significant reputational damage.

The ‘typo’ in typosquatting refers to the small mistakes people can make when typing on a keyboard. Typosquatting is also known as URL hijacking, domain mimicry, sting sites, or fake URLs.

WHAT IS TYPOSQUATTING?

Typosquatting is a form of cybercrime that involves hackers registering domains with deliberately misspelled names of well-known websites. Hackers do this to lure unsuspecting visitors to alternative websites, typically for malicious purposes. Visitors may end up at these alternative websites through one of two ways:

1. By inadvertently mistyping the name of popular websites into their web browser – e.g. gooogle.com instead of google.com.
2. Being lured to them as part of a broader phishing attack.

The hackers may emulate the look and feel of the sites they are attempting to mimic hoping that users will divulge personal information such as credit card or bank details. Or the sites may be well-optimized landing pages containing advertising or pornographic content, which generate high revenue streams for their owners.

Typosquatting is not only a problem for users – business owners are also affected, not least because every stolen visitor is potentially a lost customer. For this reason, companies and organizations should keep an eye on falsifications of their website and take action where appropriate.

HOW DOES TYPOSQUATTING WORK?

Typosquatting attacks start with cybercriminals buying and registering a domain name that is a misspelling of a popular website (some cybercriminals go so far as to buy multiple URLs). For example, instead of purchasing example.com, the cybercriminal might buy examplle.com or exmple.com.

A typosquatting domain becomes dangerous when real users start visiting the site. They may have typed the URL by mistake. Or they may have been lured there by a phishing scam, typically over email, which contains a link to the typosquatted website.

Often, the fake site is designed to mimic the real version, using the real organization’s logo and design. Users who do not realize they are visiting a fake website may be tricked into entering sensitive information, such as their username and password or their bank or credit card details. The hackers can access this information and, if the victim uses the same username and password across multiple sites, then other online accounts will be at risk.

To a large extent, typosquatting relies on confusion or simple human error, such as:

TYPOS: Perhaps the most common error when entering search information, typos are often the product of our rushed day-to-day lives. Those who usually type quickly and imprecisely or rely heavily on autocorrect are especially prone to becoming victims of these domain types – for example, typing gogle.com instead of google.com.

SPELLING ERRORS: Sometimes a user has not made a typo but is unaware of the correct spelling of a brand name, and squatters are well aware of this fact. For this reason, many businesses register misspelled variants of their site’s name before others can beat them to it – and then redirect these misspelled versions to their real homepage.

ALTERNATIVE SPELLINGS: Alternative spelling options of common product names or services have the potential to confuse internet visitors. For example, there are variations between American English and British English – such as the word “favorite,” which is spelled “favourite” in British English. If your web address contains a word that is spelled differently in other countries, this could lead to a user inadvertently typing the wrong URL into their browser.
HYPHENATED DOMAINS: The addition (or omission) of a hyphen in a domain name can also cause confusion. For example, if the URL is usually example-onlineshop.com, typosquatters might add an extra hyphen to deceive users – e.g. example-online-shop.com. At a glance, users may think this is the genuine site when in reality typosquatters are using it for malware or advertising purposes.

WRONG DOMAIN ENDINGS: The range of domain endings for different countries, such as .com, .co.uk, .cn, etc., and also for different types of organizations – i.e. .com, .org, .web, .shop – creates further scope for typosquatting. This is why it is important for website operators to register a range of top-level domains to prevent different permutations from falling into the wrong hands. Typosquatters are especially fond of the Colombian top-level domain, .co, due to its similarity with the most widely used TLD, .com.

TYPES OF TYPOSQUATTING

The most common uses of typosquatted domains include:

IMITATORS: As outlined above, the scam website passes itself off as the real thing, portraying itself as the correct site. For example, if the site is emulating a well-known bank, it will adopt the logo, color scheme, and page layout of that bank. The purpose of an imitator site is to host a phishing scam, gathering log-in credentials and personal data.

BAIT AND SWITCH: The fake website purports to sell you something you might have bought at the correct URL. Often, these are digital purchases that are difficult to dispute on a credit card statement. The buyer does not receive the item they want, but they will still pay for it.

RELATED SEARCH RESULTS LISTING: The owner uses traffic meant for the real site to drive traffic to competitors, charging them on a cost-per-click basis.

MONETIZE TRAFFIC: Fake website owners host advertisements or pop-ups to generate advertising revenue from webpage visitors.

SURVEYS AND GIVEAWAYS: The fake site pretends to be gathering customer feedback. In reality, its purpose is to collect enough information or data to carry out identity theft.

AFFILIATE LINKS: The fake site redirects traffic back to the brand through affiliate links to earn a commission from all purchases via the brand's legitimate affiliate program.

INSTALL MALWARE: The malicious website installs malware or adware on the devices of visitors.

JOKE SITES: These sites ridicule or make fun of the existing site that the user intended to visit. The motivation in this instance is often revenge.

CYBERSQUATTING VS TYPOSQUATTING

A similar cybercrime to typosquatting is cybersquatting, also known as domain squatting. In this case, a person purchases URLs that have similar spellings to other websites and brands. Typically, the motivation is not to build a website at the address but to sell the URLs to the owners of the authentic websites and brands for maximum profit.

Because companies want to protect their customers and brands, many feel compelled to buy URLs from cybersquatters and are often prepared to pay a premium to do so. This makes cybersquatting a profitable activity since it is often quite cheap for the cybersquatter to register domains for most TLDs.

Cybersquatters want to make easy money. Typosquatters go further by wanting to hack into a person’s computer, so the victim is vulnerable to identity theft and security breaches.

A variation on typosquatting is called combosquatting. This is where criminals register domains that are slightly different to legitimate domains by adding extra words, such as amazon-onlineshop.com, to confuse users into thinking it is a legitimate Amazon website. In this instance, no typos are involved, merely the presence of additional words to deceive users.

TYPOSQUATTING EXAMPLES

One of the earliest and most famous examples of typosquatting attacks involved Google. In 2006, typosquatters registered the site Goggle.com, which was operated as a phishing site.
Over the years, variations on Google’s name – foogle, hoogle, boogle, yoogle (all chosen for their proximity to the letter “g” on QWERTY keyboards) – have been registered in an attempt to divert some traffic from the search engine.

In the past, celebrities including Madonna, Paris Hilton, and Jennifer Lopez have fallen victim to typosquatting domains – with websites set up using variations of their name but used to host porn or ads or affiliate links, to trick unsuspecting fans.

In the run-up to the 2020 US presidential election, it was reported that a number of candidates had typosquatting domains set up in their names by criminals with a variety of malicious motivations.

HOW TO PROTECT YOURSELF AGAINST TYPOSQUATTING

As an individual, you can minimize the risk of falling victim to typosquatting with the following steps:

* Avoid clicking on links in unexpected emails, text messages, chat messages, or on unknown websites. Be careful when clicking on links in social media – when in doubt, avoid clicking.
* Avoid opening email attachments unless you are sure of the source and sender.
* Use antivirus software to monitor and protect against malware. A comprehensive cybersecurity program such as Kaspersky Total Security will help detect threats across the board and provide malware protection.
* Hover over links and carefully inspect URLs before clicking on them. When inspecting a link, make sure you look for missing or extra letters/words, incorrect spelling, hyphens, and the suffix of the URL (i.e. google.com vs google.mailru.co).
* Bookmark your favorite sites so you can visit them directly without having to type the URL into your web browser.
* Alternatively, navigate your way to websites by searching for them via search engines and then clicking on the URL from the results page.
* Use voice recognition software to go to popular URLs.
* Leave some or all of the sites you visit every day open in your browser tabs – most popular browsers offer the option to continue where you left off or to specify a set of sites to start with.
* Use a safe search tool rather than typing URLs directly.

For organizations, the best strategy is to try to stay ahead of typosquatting attacks:

REGISTER TYPO VERSIONS OF YOUR DOMAIN BEFORE SQUATTERS DO

Purchase important and obvious typo-domains and redirect these to your website. In addition, register other country extensions and other relevant top-level domains, alternate spellings, and variants with and without hyphens. Once registered, misspelled domains can easily be rerouted to the actual website with the help of redirects.

USE ICANN’S MONITORING SERVICE

ICANN is the Internet Corporation for Assigned Names and Numbers. Website owners can use ICANN’s Trademark Clearing House to find out how their names are being used within different domains. This service is available to nationally or internationally registered brands.

USE SSL CERTIFICATES TO SIGNAL TRUST

SSL certificates are an excellent way to signal that your website is legitimate. They tell the end-user who they are connected with and protect user data during transfer. A missing SSL certificate can be a sign you have been taken to an alternative website.

NOTIFY STAKEHOLDERS

If you believe someone is impersonating (or preparing to impersonate) your organization, let your customers, staff, or other relevant parties know to look out for suspicious emails or a phishing website.

GET SUSPICIOUS WEBSITES OR MAIL SERVERS TAKEN DOWN

The process for getting a website taken down varies by jurisdiction, but a great place to start is ICANN’s Uniform Domain Name Dispute Resolution policy. This outlines the process for trademark holders to raise complaints in order to have disputed sites taken down.
While legislation in the US and other jurisdictions can help protect websites from typosquatters, taking legal action can be costly in terms of both time and energy. Taking preventative measures to ensure that your site does not become the target of typosquatting attacks in the first place is highly recommended.

As with most forms of cyberattack, the key to preventing typosquatting is constant vigilance. Your website visitors rely on you to identify and shut down any scam sites operating under your name – if you don’t, you could lose their trust.