Explainer: What is Typosquatting or URL hijacking and how to protect yourself from it

Typosquatting is a type of cyberattack where hackers try to trap internet users with a fake website whose URL is similar to that of the real one, but with a ‘typo’ or error in the address. Users who type in a web address without paying attention to what they are typing are the potential victims of such an attack, as they are tricked into clicking on a malicious website link. They can also land on these websites through phishing links sent to them.
In such an attack, when the user arrives at a malicious site, hackers have different approaches to do harm. They might steal your banking credentials or earn revenue as these fake sites can be landing pages for various forms of advertisements. Businesses can also get affected by URL hijacking as they lose customers this way.
Typosquatting is also known by other names like URL hijacking, fake URLs, domain mimicry or sting sites.
Cybercriminals start a typosquatting attack by buying and registering a domain name that is a misspelling of the name of an ecommerce, banking or other popular or important website. They may also register multiple domain names to increase their chances of conning unsuspecting people. Then they design the page elements of the fake website to mimic the real website, so that customers do not notice anything fishy when they accidentally arrive there.
For example, the real website URL could be shopbooksonline.com. A typosquatted variant of the same could be shop-books-online.com or shopbooks-online.com or shpbooksonline.com or shopbooksnline.com. Another example could be google.mailpk.com (fake) when all you want is to go to google.com.
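The lookalike patterns in the examples above can be checked mechanically before a link is opened or allowed through a mail filter. The following is an added example, not part of the original article: the function names, the trusted list and the distance threshold of 2 are assumptions, and the registrable domain is taken naively as the last two labels (a real filter should use the Public Suffix List).

```python
# Added example: classify a hostname against a list of trusted domains.
# TRUSTED uses the two real sites named in the article.
TRUSTED = ("shopbooksonline.com", "google.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Assumption: simple suffixes such as .com, so the last two labels suffice."""
    return ".".join(host.split(".")[-2:])

def classify(host: str, trusted=TRUSTED, max_dist: int = 2):
    """Return (verdict, trusted domain being imitated or None)."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    reg = registrable(host)
    if reg in trusted:
        return ("trusted", reg)
    stripped = reg.replace("-", "")
    for good in trusted:
        brand = good.split(".")[0]
        if stripped == good:
            return ("hyphen", good)      # shop-books-online.com
        if brand in labels[:-2]:
            return ("subdomain", good)   # google.mailpk.com
        if edit_distance(stripped, good) <= max_dist:
            return ("typo", good)        # shpbooksonline.com
    return ("unknown", None)

if __name__ == "__main__":
    # Hostnames from the article, plus two constructed controls.
    for h in ("shop-books-online.com", "shopbooks-online.com",
              "shpbooksonline.com", "shopbooksnline.com",
              "google.mailpk.com", "mail.google.com", "example.org"):
        print(f"{h:24} {classify(h)}")
```

Anything other than "trusted" deserves a second look; "unknown" only means the name does not resemble an entry in the list, not that the site is safe.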
How to protect yourself from Typosquatting or URL hijacking

  • Be very careful about clicking links that are part of unknown/suspicious emails, online chats, text messages, etc.

  • Do not click any link on social media or through unknown websites if something seems out of place there.

  • Check the URL of the website link you are about to click by hovering over it. Look for typos there.

  • Bookmark your frequently visited sites to avoid typing in the URL every time.

  • Do not open attachments that come in emails from unverified sources.

  • If you have to type, go to a trusted search engine first and type the website address there. Don’t type directly in the address bar.

  • If you think you have somehow landed on a fake website (assuming you realised this before you entered any sensitive details there), close the browser immediately.

  • Do invest in a paid antivirus solution for your devices to minimise the risks of such cyberattacks.
