Typosquatting is when someone registers a web address that’s a misspelling of a known website — usually a popular one. Typically, it’s done with cybercrime in mind.
Take the example of “Aamazon.com” over “Amazon.com.” A few things could happen:
- A person could mistakenly tap in a typo of “Aamazon” and wind up on a counterfeit “Aamazon.com” site.
- A scammer could use the “Aamazon” address in a phishing link sent by email, text, or social media — trying to trick victims into thinking it’s a legitimate link.
- The phony “Aamazon” address could show up in search, leading people to think it’ll take them to the legitimate Amazon site.
As you can imagine, all of this can lead to no good. Often, scammers set up typosquatting sites to steal personal and financial info. Victims think they’re on a legitimate site, shop, or conduct their business as usual, only to later find that they’ve had their info stolen, got ripped off, or some combination of the two.
Several real-life examples of typosquatting cropped up with the launch of AnnualCreditReport.com a few years back. Run by Central Source, LLC, the site is a joint venture of three major U.S. credit bureaus — Equifax, Experian, and TransUnion.
With the launch, scammers set up hundreds of copycat sites with typosquatted addresses.[i] Victims clicked on links thinking they took them to the real free credit reporting site. Instead, they fed their personal info into bogus sites. To this day, AnnualCreditReport.com recommends visiting the site by carefully typing the address into your browser and then creating a bookmark for it.[ii]
Aside from phishing attacks, typosquatters also use their bogus sites to spread malware. In some cases, they spread it by tricking victims into downloading a malware file disguised as, say, a coupon or offer. Other cases get a little more complicated in what are called “drive-by attacks.” With a drive-by, a victim doesn’t need to download anything to get malware on their device. Here, hackers plant code into their bogus sites that take advantage of known vulnerabilities.
To counter this, many businesses, brands, and organizations register typo-riddled addresses on their own. This prevents hackers and scammers from doing the same. Additionally, legitimate owners can have the typo’ed address redirect people to the proper address.
You can do a few things to protect yourself as well:
Be careful when clicking links in messages, emails, and texts.
Typosquatting addresses can look “close enough” to a legitimate address at first glance. Preferably, type in the address in your browser and access the site that way. (For example, when following up on an email notice from your credit card company.)
Also, you can use the combo of our Text Scam Detector and Web Protection. You’ll find them in our McAfee+ Plans. Together, they alert you of sketchy links and prevent you from visiting a malicious website if you tap or click a bad link by mistake.
Keep your operating system and apps up to date
Hackers try to exploit vulnerabilities in your devices and the apps you have installed on them. Regular updates fix these vulnerabilities and sometimes introduce new features and other improvements.
Also, be on the lookout when you search
Typosquatted sites and counterfeit sites in general appear in search results. Sometimes they appear on their own. Other times, scammers abuse ad platforms to push their bogus sites close to the top of the search results. We’ve also seen the newly released “AI overviews” in search include bad info in their summaries, including links. AI tools are only as good as the info they get fed, and sometimes they get fed junk.
[i] https://domainnamewire.com/2014/10/21/annualcreditreport-com-goes-after-a-big-typosquatter/
[ii] https://www.annualcreditreport.com/suspectPhishing.action