Mistyping a URL can compromise your systems and bring your entire organization to its knees.
We’re not kidding. In the latest barrage of cyber attacks, more threat actors are relying on a technique known as “typosquatting” or URL hijacking. It exploits a simple mistake that many workers make: mistyping letters on a keyboard.
Typosquatting refers to a threat actor setting up a website using a URL that closely resembles a common and trustworthy URL.
Think of it as typing compamy.com instead of company.com, the latter being the correct URL.
It’s actually pretty easy to set up, too. A threat actor can use publicly available images and fonts to make a malware site that closely resembles the website of legitimate companies and services. These same URLs may be used as part of phishing campaigns, too (think of getting an email from firstname.lastname@example.org instead of email@example.com asking you to update an expired password).
Recently, many of these malicious sites were discovered by cyber-intelligence firm Cyble and published by tech outlet BleepingComputer.
These include some sites that convincingly impersonate Google Wallet, PayPal, and even TikTok.
As detailed by Cyble, some of the domains include:
- payce-google[.]com – impersonates Google Wallet
- snanpckat-apk[.]com – impersonates Snapchat
- vidmates-app[.]com – impersonates VidMate
- paltpal-apk[.]com – impersonates PayPal
- m-apkpures[.]com – impersonates APKPure
- tlktok-apk[.]link – impersonates download portal for TikTok app
BleepingComputer also discovered a malicious site that impersonates the Tor Project, a 501(c)(3) nonprofit that maintains the software necessary to access the Tor anonymity project (which, in simple terms, can provide access to the Dark Web). This fake site in particular downloads the Agent Tesla keylogger.
Other sites invite you to share login information, download a file (which may be anything from keyloggers to ransomware), or send money.
Some browsers, including Google Chrome and Microsoft Edge, include typosquatting protection. However, this protection is not foolproof. It can miss domains. In fact, BleepingComputer found that the aforementioned browsers did not block a single domain that was tested.
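Because browser protection can miss these domains, a defender can also screen hostnames seen in DNS or proxy logs against a watch list of brand names. The Python below is an added example, not code from Cyble, BleepingComputer or Microsoft; the watch list, the distance threshold of 2 and the function names are assumptions made for illustration.

```python
import re

# Assumption: watch list of brand keywords and their official domains, chosen for
# this example; maintain your own list for the services your users rely on.
BRANDS = {
    "google": "google.com",
    "snapchat": "snapchat.com",
    "paypal": "paypal.com",
    "tiktok": "tiktok.com",
}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(host, max_dist=2):
    """Return (verdict, brand) for one hostname from DNS or proxy logs."""
    host = host.lower().replace("[.]", ".").strip(".")
    for brand, official in BRANDS.items():
        if host == official or host.endswith("." + official):
            return ("official", brand)
    # Drop the TLD, then split the rest on dots, hyphens and underscores.
    tokens = [t for t in re.split(r"[.\-_]", host.rpartition(".")[0]) if t]
    best = None
    for tok in tokens:
        for brand in BRANDS:
            dist = osa_distance(tok, brand)
            if dist == 0:
                return ("brand-keyword", brand)  # real brand name, wrong domain
            if dist <= max_dist and (best is None or dist < best[0]):
                best = (dist, brand)
    return ("typo-lookalike", best[1]) if best else ("no-match", None)

# Constructed sample: four defanged domains from the list above plus two benign hosts.
SAMPLE = ["payce-google[.]com", "snanpckat-apk[.]com", "paltpal-apk[.]com",
          "tlktok-apk[.]link", "www.paypal.com", "intranet.example.org"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(h, classify(h))
```

A hit is a lead for review rather than proof of malice: a legitimate name can fall within the threshold, and a lookalike built on a brand that is not in the watch list goes unflagged.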
The best way to protect yourself is to proofread carefully and be aware of what and where you’re navigating online. It also helps to use legitimate search engines, which are much more likely to rank the legitimate websites over malicious sites.
Additionally, be wary of the ads on which you click. One way that threat actors can push their websites on search engines is by buying ad space. While publishers generally do a good job of filtering fake or malicious ads, some can still slip through.
Microsoft also recommends the following:
- Whenever possible go to your important sites like banking, social media, or shopping from your own saved favorites, rather than by typing them into the address bar of the browser each time.
- If you do have to type an address into the address bar, type carefully and double-check that what you typed matches the address you intended to go to before you continue.
- If you’re typing in an address you’ve gone to before, your browser may offer to complete the address for you. Give it a quick look, but it’s usually safer to accept that suggestion.
- Never click a link you weren’t expecting in an email or other message, even if it appears to come from a trusted person or organization.
- If you have to click on a link, look carefully at the address it’s going to take you to. Usually just hovering your mouse pointer over the address will show you what address the link will really take you to.