What is typosquatting, and how can this seemingly insignificant error lead to catastrophe for you?
Considering the speed at which you usually type on your computer, it is normal to make the occasional typo, and this can sometimes be dangerous. It is time for you to know what typosquatting is and what it consists of, since it is very common during big shopping periods.
Imagine this for a moment: You’re desperately searching for the perfect gift for a loved one. In the rush, you quickly type in the address of your favorite online store. However, a simple slip of your fingers can lead you to a website that looks identical to the original but is actually a scam designed to steal your personal and financial information.
What is typosquatting?
Typosquatting is a form of cyberattack that takes advantage of common typos we make when typing web addresses. Cybercriminals register domains with names that are very similar to popular websites, hoping to capture traffic from users who make typos. An example is shown below when typing Google’s website incorrectly.
This technique goes beyond simple typos. Attackers use a variety of methods to create deceptive URLs:
- Common misspellings: for example, "amazom.com" instead of "amazon.com".
- Swap letters: like "gogole.com" instead of "google.com".
- Replace similar characters: use "rn" to imitate "m", as in "arnazon.com".
- Add or remove letters: "facebok.com" or "facebookk.com".
- Use different top-level domains: "amazon.net" instead of "amazon.com".
The goal is to create a website that looks as close to the original as possible, both in URL and design, to trick users into handing over sensitive information or to distribute malware.
If you enter your payment details on such a site, the cybercriminals now have your information. They can use your card to make online purchases or sell your personal data on the dark web.
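The URL tricks listed above can also be checked for mechanically, for instance when reviewing links in incoming mail or newly registered domains that resemble a brand. The following Python code is an added example, not part of the original article; it classifies a domain against a small watchlist by the technique it appears to use. The watchlist, the look-alike pairs and all function names are assumptions chosen for illustration, and the "brand name plus extra word" check covers domains of the "amazonsecure.com" kind.

```python
# Added example: flag domains that imitate a watched brand using the tricks above.
WATCHLIST = ("amazon.com", "google.com", "facebook.com", "paypal.com", "ebay.com")  # constructed
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"))  # assumed look-alike pairs


def split(domain):
    """Return (name, tld) from the last two labels. Simplification: ignores suffixes like co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def normalize(name):
    """Map look-alike sequences back to the characters they imitate."""
    for fake, real in LOOKALIKES:
        name = name.replace(fake, real)
    return name


def one_edit(a, b):
    """Name the single typo separating a and b, or return None if they differ by more."""
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            return "misspelling"
        if len(diff) == 2 and diff[1] == diff[0] + 1 and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]]:
            return "swapped letters"
    elif abs(len(a) - len(b)) == 1:
        short, long_ = sorted((a, b), key=len)
        if any(long_[:i] + long_[i + 1:] == short for i in range(len(long_))):
            return "added or removed letter"
    return None


def classify(domain):
    """Return (imitated_domain, technique) for a suspicious domain, else None."""
    name, tld = split(domain)
    if f"{name}.{tld}" in WATCHLIST:
        return None  # the genuine site
    for legit in WATCHLIST:
        lname, _ = split(legit)
        if name == lname:
            return legit, "different top-level domain"
        if normalize(name) == lname:
            return legit, "look-alike characters"
        kind = one_edit(name, lname)
        if kind:
            return legit, kind
        if lname in name:
            return legit, "brand name plus extra word"
    return None
```

A match is a reason to look more closely at the domain, not proof of fraud: unrelated sites can sit one letter away from a well-known name.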
Be very careful because many real cases are known.
In 2018, for example, the domain “amazonsecure.com” was discovered imitating the Amazon login process to steal user credentials. This fake site exploited trust in the Amazon brand to trick people into handing over their login details.
On the other hand, eBay and PayPal were also targeted. In the first case, the website “ebaysecure.com” was able to trick buyers into believing they were using a secure version of eBay. In the second case, the domain “paypa1.com” (using “1” instead of “l”) was discovered and used in a massive phishing campaign. This website stole login credentials from users who thought they were accessing their PayPal account.
Ultimately, your best defense against typosquatting is yourself. Awareness and caution are your best allies. Treat every online purchase as you would in the physical world. You wouldn’t walk into a store with a typo in a dark alley, would you? Apply the same logic to your digital purchases.
So, the next time you’re about to click on an amazing offer, pause for a moment. Check the URL, look for security signs, and ask yourself: Is this too good to be true?