Typosquatting, also called URL hijacking, is a form of cybersquatting that relies on mistakes, such as typographical errors, that Internet users make when typing a website address into a web browser.
Typosquatting is commonly used by hackers in phishing attacks to steal credentials for legitimate business websites: the email misdirects users into clicking a look-alike domain, they land on an identically formatted website, and they hand the hackers their login credentials.
For example, kmart.com could be typosquatted by someone who registers the domain krnart.com, where the m is replaced with an r and an n. Seen side by side, the similarity is striking: Kmart.com and Krnart.com.
How does this affect your SMB?
Typosquatting affects SMBs in a few different ways. It mainly comes into play in phishing attacks, which are an easy way for hackers to compromise your data, network, and company. When dealing with typosquatting attacks, SMBs need to worry about employees providing credentials to common Internet destinations such as Amazon, Microsoft, and Google.
Train your employees to carefully review the URLs in emails and to always be on the lookout for typosquatting attacks.
Breaking News on Typosquatting Attacks
On Jan. 13th, 2020, new typosquatting attacks were reported by Area 1 Security, a US-based cybersecurity research firm. They reported that Burisma, the Ukrainian energy company that paid Hunter Biden to sit on its board during the Obama administration, and that President Trump called on Ukrainian government officials to investigate, was successfully targeted by Russian hackers who registered multiple typosquatted domain names for Burisma and its subsidiaries. This allowed the Russian hacking group known as “Fancy Bear” to phish Burisma employees and break into their email servers and computer systems.
Do these attacks change CyberHoot's advice for SMBs?
No. Just because typosquatting email phishing attacks work on enterprises like Burisma does not mean they won't work on SMBs as well. All businesses can be targeted with phishing attacks using typosquatted domain names. We simply must train our employees to be more vigilant. Follow this advice:
- When visiting websites, manually type the domain name in or search Google for the business in question. Don't click links IN emails that could be a phishing attack.
- Adopt a password manager for excellent protection against typosquatting attacks. Password managers refuse to provide credentials to a bogus look-alike (typosquatted) website, because its domain does not match the one the credential was saved for.
- Train, train, and train some more. Most employees have never been trained on these cybersecurity topics. They want to learn and understand how to protect themselves personally and professionally. Teach them with CyberHoot.
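To make the two technical points above concrete (the rn/m substitution in krnart.com, and why a password manager will not fill credentials on a look-alike site), here is an added example in Python. It is not CyberHoot's code or any product's; the protected-domain list, the confusable table, the sample email links, and the simplified "last two labels" notion of a registrable domain are all assumptions made for the demonstration. It goes slightly beyond the post by also flagging one-keystroke typos and hosts that merely start with a trusted domain (kmart.com.evil.example).

```python
"""Look-alike domain detection and exact-host credential matching.

Added example, not CyberHoot's code. Two defensive checks: flag a URL whose
host is a near-miss of a domain you protect, and release stored credentials
only when the visited host really belongs to the site they were saved for.
"""
from typing import Optional
from urllib.parse import urlsplit

# Constructed list of domains whose look-alikes should be flagged.
PROTECTED_DOMAINS = ["kmart.com", "amazon.com", "microsoft.com", "google.com"]

# Character runs that render almost identically in many fonts; normalising
# both sides with this table makes "krnart" collide with "kmart".
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def host_of(url: str) -> str:
    """Lower-cased host of a URL or bare hostname, port and leading 'www.' removed."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def registrable_domain(host: str) -> str:
    """Last two labels of the host (assumed simplification: no public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def normalise(text: str) -> str:
    """Collapse visually confusable runs so look-alikes compare equal."""
    for run, single in CONFUSABLES:
        text = text.replace(run, single)
    return text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a one-keystroke typo scores 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(url: str) -> Optional[str]:
    """Return the protected domain that `url` imitates, or None if the URL is
    genuine or unrelated. Rules, in order:
      1. an exact or subdomain match to a protected domain is genuine;
      2. a host that starts with a protected domain but is not under it
         (kmart.com.evil.example) is a look-alike;
      3. after confusable normalisation, equality or an edit distance of 1
         to a protected domain is a look-alike.
    """
    host = host_of(url)
    domain = registrable_domain(host)
    if domain in PROTECTED_DOMAINS:
        return None
    for target in PROTECTED_DOMAINS:
        if host.startswith(target + ".") or ("." + target + ".") in host:
            return target
        if normalise(domain) == normalise(target):
            return target
        if edit_distance(domain, target) == 1:
            return target
    return None


def should_autofill(stored_site: str, visited_url: str) -> bool:
    """A password manager's fill rule: release credentials only when the visited
    host is the stored host or a subdomain of it. No normalisation or fuzzy
    match is applied on purpose; krnart.com must never receive kmart.com's password."""
    stored, visited = host_of(stored_site), host_of(visited_url)
    return bool(stored) and (visited == stored or visited.endswith("." + stored))


if __name__ == "__main__":
    # Constructed links as they might appear in an incoming email.
    for link in ["https://www.kmart.com/account", "http://krnart.com/login",
                 "https://amazn.com/signin", "https://kmart.com.evil.example/",
                 "https://example.org/"]:
        print(f"{link:40} look-alike of: {lookalike_of(link)}")
    print("fill kmart.com creds on krnart.com?",
          should_autofill("https://www.kmart.com", "https://krnart.com/login"))
```

The two functions deliberately differ in strictness. `lookalike_of` is a triage check for a mail filter or awareness tool, so it tolerates fuzziness and accepts some false positives for review. `should_autofill` is the password manager's rule and does the opposite: an exact host (or subdomain) match and nothing else, which is exactly why a saved kmart.com password is never offered on krnart.com.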