Typosquatting is a very common form of digital attack. The principle is extremely simple, and if you’re not careful, you can easily be fooled.
There are so many ways malware can infect your devices that it’s hard to know them all, but typosquatting is one of the most insidious. As the name suggests, hackers create sites, download links, and other URLs that look official but are malicious, with small spelling errors that are difficult to detect.
The idea is simple, but typosquatting is extremely effective. According to a recent study by Cyble and BleepingComputer, there are hundreds of these common-error URLs whose sole purpose is to infect Android or Windows devices with malware. And that covers only specific typosquatting campaigns. It is important to know how these attacks work and how to defend against them.
How does typosquatting work?
There are several methods for a successful typosquatting attack. For example, hackers can create convincing login screens for popular apps and sites like TikTok or Twitter. Users “log in” to a fake site thinking they are on the legitimate one and thus give away their usernames and passwords, opening the door to a lot of unfriendly stuff.
Hackers can also publish malicious versions of popular apps, GitHub repositories, or other very common files using URLs very similar to the official ones. Sometimes they even use cloned versions of the files that look legitimate but secretly contain malware.
The typosquatting campaigns detected by Cyble and BleepingComputer use dangerous malware such as Vidar Stealer, which focuses on your banking information, logins and other sensitive personal data; Agent Tesla, which collects your information from browsers, VPNs and other applications; and even cryptocurrency theft schemes.
Whatever lies behind these misspelled URLs, the goal is to get people to open fake links instead of the real ones. A popular method is to use such links in phishing and smishing campaigns. Attackers send out emails or text messages purporting to be from one or another official service, and users follow the link. Sometimes users make a simple typo in a URL or search query and end up on a page with malware or download a dangerous file.
How to avoid typosquatting
The best way for companies to fight these attacks is to buy these misspelled URLs themselves so that hackers can’t use them. That being said, there are ways to avoid them if you know what to look for.
As is often said about phishing attacks, the simplest solution is to never click on links or download files from unknown or suspicious sources. Turning on spam filters can help, but some fake links can still get through. Learn to recognize the signs of phishing.
Even so, you can land on a misspelled link yourself by mistyping the URL. So get in the habit of checking that you have typed the URL of the site or link correctly. You can also bookmark the sites you visit most often. That way you will definitely land on the real page.
Similarly, on sites like GitHub, make sure you are using the correct download link. Check the spelling so that you download the real content.
Another important check: the presence of HTTPS, which is more secure than HTTP. Some browsers have an option to “enforce HTTPS” and will often not connect you to sites that don’t use HTTPS without warning you first. HTTPS only protects the connection, though; a misspelled site can use it too, so still check the spelling of the address.
Finally, good antivirus software can serve as a last line of defense against a malicious file that is accidentally downloaded. But don’t rely on this alone. You need to stay vigilant every day.