In the run-up to Christmas, shoppers are warned to beware of "typosquatters," who prey on people who misspell domain and website names. "Typosquatting" or "URL hijacking" is not a new phenomenon, but recently there has been a significant increase in the number of these sites across the internet. Any company that gains a sizable online presence faces the threat of typosquatters; giant brands like Twitter, Facebook and Google have all been victims. Facebook and Google have in the past filed suits against alleged typosquatters, contending that they are infringing on the companies' trademarks by using domain names such as facebobk.com and fscecbook.com.
Attackers use typosquatting, a form of cybersquatting, to make phishing campaigns more effective: they register a domain name that mimics a popular website. Whether this is a mistyped domain name (Amaon instead of Amazon) or a letter substitution, this is an important technique to know about.
Careless Workplace Online Shopping Compromises Network Security
Cybercriminals are also reported to be registering the names of legitimate sites under false suffixes such as '.org' or '.net'. With 80% of all online shopping taking place during office hours, employers need to be sure that employees who shop online using company equipment are accessing safe and protected sites, and are not exposing the network and organization to threats that could have serious security and ultimately financial consequences. The retail industry is one of the worst-prepared for cyberattacks, yet it is also one of the most heavily targeted.
Fake retail websites tend to increase during the holiday shopping season. As with the fake charity sites, these bogus retail websites often register URLs similar to the actual store and also have valid TLS certificates that enable legitimate HTTPS transactions. This does not diminish the more standard online threats facing the retail industry, such as payment card skimming attacks, credential stuffing attacks and attempts on improperly secured databases; these are likely to also spike during the holiday shopping period.
Growth of Online Ad Networks Makes it Easier for Squatters
With the continued growth of online ad networks, it's getting easier for squatters to earn money off their ill-gotten traffic. A naïve or careless employee who falls for these scam websites, believing them to be legitimate, exposes the company's network and data. This can have devastating consequences for a business, compromising security and resulting in an expensive cleanup operation.
In preparation for the Christmas shopping spree and January sales, careful typing can help ensure company machines are not compromised, but careful typing alone will not solve the problem.
Some Email & Web Security Tips:
- It is crucial that email and web security solutions are kept up to date.
- It's important that staff are aware that these sites exist and what the implications are for the organization's security should an employee fall for the scam and believe one of these sites to be legitimate.
- Type carefully and be aware that these sites exist and can appear legitimate.
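The domain patterns described above (a misspelling such as Amaon for Amazon, a letter substitution such as facebobk.com, or a known name under a different suffix) can be checked for in proxy or DNS logs. The Python below is an added example, not part of the original article or of any product's code; the allowlist, function names and distance threshold are assumptions.

```python
# Added example: flag lookalike hostnames seen in proxy/DNS logs.
# KNOWN_GOOD is an assumed allowlist; replace it with the sites your staff really use.
KNOWN_GOOD = {"facebook.com", "amazon.com", "google.com", "twitter.com"}

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "googel" for "google".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(host):
    """'www.amaon.com' -> ('amaon', 'com'). Simplified: ignores suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

def classify(host, max_distance=2):
    """Return (verdict, imitated_domain) for one hostname."""
    name, tld = split_domain(host)
    if f"{name}.{tld}" in KNOWN_GOOD:
        return ("ok", None)
    best = None
    for good in sorted(KNOWN_GOOD):
        g_name, _ = split_domain(good)
        if name == g_name:                      # known name, false suffix
            return ("suffix-swap", good)
        d = osa_distance(name, g_name)
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, good)
    return ("lookalike", best[1]) if best else ("unknown", None)

if __name__ == "__main__":
    # Constructed sample input, using the domain names quoted in the article.
    for h in ["facebobk.com", "fscecbook.com", "www.amaon.com",
              "amazon.org", "www.amazon.com", "example.com"]:
        print(h, classify(h))
```

A threshold of 2 suits names of six or more characters; for shorter brand names, lower it to 1 to avoid flagging unrelated sites.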
As these techniques increasingly succeed, attackers will continue to use this attack vector. If you want to be protected from typosquatting, we recommend you use WebTitan Cloud DNS Filtering which automatically blocks phishing websites. Don't be the next victim.