Taking advantage of typos and typos of users, bad guys with sharp minds have devised Typosquatting attack techniques. So what is Typosquatting? We invite you to find out.
What is Typosquatting?
Typosquatting, also known as URL hijacking, website infection or URL spoofing, is a form of cybersquatting attack. This type of attack is based on the user’s typographical errors and typos when entering the website address into the browser. If you enter the wrong website address, users are at risk of accessing a fraudulent website, containing malicious code, advertising…
There are 5 common types of errors that are often used for typosquatting:
(Compare with root domain eg: diachiweb.com)
- Common misspellings like diachuweb.com
- Typo like diachiwbe.com
- A domain name similar to diachiwebs.com
- Type wrong domain name like diachiweb.org
- Type wrong domain names like diachiweb.cm, .co, .om. Every missing character in the .com domain name can lead to a fake, dangerous website.
Other types of Typosquatting attacks:
- Combosquatting: No mistake but adding an arbitrary word, seems reasonable to mislead users like diachiweb-uytin.com. Statistically, Cobosquatting is 10 times more popular than Typosquatting.
- Doppelganger domain: Skip the dot thietkediachiweb.com instead of thietke.diachiweb.com
- Add extra elements: a.thietkeweb.com
- Add words to create a visually appealing domain name like diachiweb-hay.com or diachiweb-ngon.com.
When entering the website of the bad guys, users can be deceived that they are visiting the real website by the same look, layout or copied content. Spam emails also sometimes use Typosquatting to trick users into visiting malicious or fake websites.
What does the bad guy perform a Typosquatting attack for?
Bad guys with sharp minds often buy misspelled domain names, typographical errors of famous websites, banking websites… to make nefarious profits. They make money by the following behaviors:
- To resell typographical and typographical domain names to the original domain owner
- Monetize ads on sites with typographical, typographical errors in domain names
- Redirect visitors to competitor’s website
- Redirect visitors back to the original website but through the affiliate link and earn commissions from that affiliate program.
- Create a fake website with a similar design to the original to steal users’ login information to steal money, this type of attack usually targets banking websites
- To install malicious code or revenue-generating adware on a user’s device
- Collect user’s email when they mistyped the address then use it for malicious purposes
- Domain names with typographical errors and spelling errors are also purchased by the original domain owners to prevent bad guys from taking advantage.
Examples of Typosquatting attacks
In 2006, a Google typographical domain name “Goggle.com” appeared, when accessing, users would enter a phishing/fraud website. Then, between 2011 and 2012, the domain Goggle.com was pointed to Google.com. In 2018, Goggle.com once again directed users to a website containing malicious advertising code. Currently, when you visit Goggle.com you will see a statistics blog page.
Another example is yuube.com, the typo version of youtube.com. When entering yuube.com, YouTube users will be redirected to a website containing malicious code, asking users to install a security check utility (actually malware) on the machine. Currently, yuube.com no longer links to a malicious website, but instead to a page containing ads.
It is possible to sue the attackers of Typosquatting
To attack Typosquatting, the bad guys will have to register using typographical and misspelling domains. Under the Uniform Domain Name Dispute Resolution Policy (UDRP), root domain name owners can sue registrants who are free of typos and typos to the World Intellectual Property Organization (WIPO). The owner of the root domain will have to prove that the faulty domain name registered is identical or confusingly similar to the original domain name. In addition, proof is required that the owner of the faulty domain name has no legitimate rights and interests with the original domain name and is using the faulty domain name with malicious intent.
How to protect yourself from Typosquatting
As an individual user, you can avoid becoming a victim of typosquatting by taking the following measures:
- Avoid clicking on links inside emails, SMS messages, messages via unknown apps or websites. Be careful when clicking on links on social media. When in doubt, don’t click.
- Avoid opening email attachments unless you are sure you trust the sender.
- Use anti-virus software to monitor and protect against malware. Powerful anti-virus software such as Microsoft Defender, Kaspersky… can protect you against the threats of malware and scammers.
- Hover over links to check or view source URLs before clicking them. When clicking on a link, you must make sure that the link has no missing or extra characters, no wrong words, no accents and no prefixes/suffixes (eg google.com vs google.mailru.co).
- Bookmark your favorite pages so you can access them directly, without typing URLs into your browser’s address bar.
- Alternatively, you can also find the page you like through the search engines and then click the URL in the search results.
- Use voice commands to access your favorite sites.
- Every day after finishing work, you do not need to close the pages that you often use. Keep it open because most current browsers have a mode to continue reopening every page you were opening when you used it last time.
In general, to avoid being attacked or scammed by Typosquatting, you should avoid typing the URLs of websites directly to a minimum.