The term typosquatting may sound strange to the vast majority of Internet users, but that does not mean that they are unaware of the potential risk of becoming victims of this deception technique.
But… what exactly is typosquatting ?
It refers to the fact that a user ends up on a web page that is not the one they were looking for due to accidentally typing the URL incorrectly in their browser.
The problem is that these errors by users when typing in a web denmark phone number data address are sometimes exploited by cybercriminals as they try to reserve domains similar to legitimate services with malicious intentions, which can range from a simple website that displays advertising to others that impersonate a company or that host some type of malware or executable file that is downloaded to the victim's devices when they access it.
What are the most common mistakes made by users that cause typosquatting ?
Spelling mistakes when writing the web address, either because you do not know the name well, because it is in another language or because you write too quickly.
Error in the domain extension, for example, writing a .com when it is actually a .es.
An example makes it easier to understand: if a user were trying to access the OSI website ( www.osi.es ) and mistakenly typed an “e” instead of an “i”, www.ose.es , the browser, in the event that a “ typosquatter ” was in possession of this domain, would not give an error and would load another website for the user with content that has nothing to do with the OSI.
What are the most common uses of this type of website by cybercriminals?
Creation of web pages with a multitude of banners advertising products and services. These banners could be malicious and redirect to fraudulent advertisements.
Hosting malware to try to download it onto the devices of users who visit the website. For example, they could take advantage of vulnerabilities in their browsers or plugins/add-ons installed without updating to sneak into the devices to commit different types of malicious activities: encrypt stored information, delete it, install spyware, capture access keys to user services, chat conversations, etc.
Impersonating a legitimate website, phishing , with the aim of stealing users' personal and banking data.
Some large companies combat this type of fraud by purchasing domains similar to their URLs in order to redirect users to the legitimate website if they type the address incorrectly and thus prevent cybercriminals from using them for malicious purposes. But this is not always possible, so you definitely have to be careful and cautious when typing web addresses into the browser. A bad spelling could take you to a website with dubious content or even infect your device.
