Beware of "Typosquatting" scams
Important information from CIRMA and the Multi State Information Sharing and Analysis Center:
What is "Typosquatting"? Typosquatting scams take advantage of typographical errors -- “typos” -- introduced by users when they type URLS in to the browser address bar. Cyber scammers purchase and register domains names that are very similar to an existing legitimate website. A typosquatted web address may omit or add characters, or swap characters such as an 'l' for an 'i'. By exploiting typing errors, scammers funnel unsuspecting users to illegitimate sites that closely mimic the legitimate site; unsuspecting visitors may then be infected with malware or tricked into reveal login or other sensitive personal data.
Typosquatted websites may be very hard to distinguish from the real thing. Cyber criminals often create similar-looking websites by directly copying the HTML from legitimate websites then add minor malicious changes. Successful typosquatting domains are used to generate ad revenue, display custom images or text, further scams and frauds, capture login credentials, and/or infect users with malware. The Typosquatters often target high- traffic and/or sensitive websites to exploit the greatest number of users or to gain unauthorized access to restricted information.
MS-ISAC Recommendations:
- When visiting websites you know, make sure the URL is free from typographical errors. If you don't know the website, use an Internet search engine to locate it.
- Verify links before clicking on them. The easiest way to check a link is by hovering over it with your mouse and carefully checking for typosquatting techniques; bookmark websites you visit often.
- Do not open unsolicited (spam) emails or click on the links or attachments in those emails.
|
|