Source: Freepik
The internet offers many opportunities – but also risks. One of the lesser known but potentially very dangerous threats in the field of cyber security is typosquatting. But what does this term actually mean? Typosquatting refers to a technique in which attackers attempt to redirect users to fake or unwanted websites. This is usually done by exploiting typos or similar domain names of well-known websites. Instead of the actual website, you end up on a page that looks deceptively similar to the real one or contains completely different, sometimes malicious content.
How Does Typosquatting Work?
Typically, cyber criminals register domain names that strongly resemble known web addresses – for example by
- Swapping letters (e.g. ‘googel.com’ instead of ‘google.com’)
- Forgetting a letter (e.g. ‘amazn.de’ instead of ‘amazon.de’)
- Additional characters (e.g. ‘paypal-secure.com’)
- Other domain extensions (e.g. ‘.net’ instead of ‘.com’)
As soon as such an incorrect URL is entered into the browser, the user is redirected to the wrong page. Various risks can lurk there, such as phishing attempts (tapping into passwords or credit card details):
- Phishing attempts (tapping into passwords or credit card details) You can read more about phishing in our other articles.
- Spread of malware
- Advertising or dubious content
- Fraudulent shops
Why Is Typosquatting Dangerous?
At first glance, fake websites often appear harmless or barely distinguishable from the original. Especially under time pressure or with inattentive users, the probability of disclosing sensitive data or starting malicious downloads is high. This not only threatens companies with a loss of image, but also direct economic damage.
How can you protect yourself?
A conscious approach to URLs and websites can help to protect against typosquatting. Here are some tips:
- Check the URL carefully: It is worth taking a second look at the address, especially when entering sensitive data.
- Use bookmarks: Bookmarks in the browser can help to call up the correct address – but they are not one hundred per cent protection.
- Check SSL certificates: Look for the small lock symbol next to the web address.
- Use the latest browser: Modern browsers offer protection mechanisms and warnings for suspicious websites.
- Be careful with links in emails or messages: It is better to always go directly to the official page via URL instead of clicking on links.
URL Security at the IT Center
At the IT Center we attach great importance to security in the digital space. We support students, staff and researchers in protecting themselves against threats such as typosquatting. Through education and secure IT infrastructures, we help to raise awareness of cyber risks and ensure the safe use of web services. That’s why we always keep the IT-Security category up to date. If you have any questions or uncertainties about IT security, our IT-ServiceDesk is always on hand to provide advice.
At first glance, typosquatting may appear to be a sophisticated but harmless scam. In reality, however, it can have serious consequences for individuals and companies. A watchful eye, technical protective measures and education are crucial to staying safe online.
Responsible for the content of this article is Malak Mostafa.
Leave a Reply