{"id":253452,"date":"2021-05-19T15:00:55","date_gmt":"2021-05-19T12:00:55","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-is-typosquatting-and-how-do-scammers-use-it-cloudsavvy-it\/"},"modified":"2021-05-19T15:00:55","modified_gmt":"2021-05-19T12:00:55","slug":"what-is-typosquatting-and-how-do-scammers-use-it-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-is-typosquatting-and-how-do-scammers-use-it-cloudsavvy-it\/","title":{"rendered":"#What is Typosquatting and How Do Scammers Use it? \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a27127f2109b\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a27127f2109b\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-typosquatting-and-how-do-scammers-use-it-cloudsavvy-it\/#What_is_Typosquatting\" >What is Typosquatting?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-typosquatting-and-how-do-scammers-use-it-cloudsavvy-it\/#How_Typosquatting_Works\" >How Typosquatting Works<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-typosquatting-and-how-do-scammers-use-it-cloudsavvy-it\/#Catching_Typos\" >Catching Typos<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-typosquatting-and-how-do-scammers-use-it-cloudsavvy-it\/#Creating_Look-a-Like_Links\" >Creating Look-a-Like Links<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-typosquatting-and-how-do-scammers-use-it-cloudsavvy-it\/#How_To_Protect_Your_Organization\" >How To Protect Your Organization<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#What is Typosquatting and How Do Scammers Use it? \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 5184px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage wp-image-11318 size-full\" data-pagespeed-lazy-src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/05\/a534e622.jpg?width=1200&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"illustration of dot com\" width=\"5184\" height=\"3456\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/domain-com-written-vintage-letterpress-type-230268088\">Shutterstock\/enterlinedesign<\/a><\/span><\/figcaption><\/figure>\n<p>One typing mistake and the typosquatters might catch you. It might sound like a cyberpunk thriller but it\u2019s a real cybersecurity threat. We explain what it is and how to protect yourself.<\/p>\n<h2 id=\"what-is-typosquatting\"><span class=\"ez-toc-section\" id=\"What_is_Typosquatting\"><\/span>What is Typosquatting?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Typosquatting uses modified or misspelled domain names to trick users into visiting fraudulent websites. Threat actors have several different typosquatting techniques at their disposal. Of course, they all benefit the criminals and defraud someone else. That someone else might be website visitors or it might be the owners of the website.<\/p>\n<p>At the heart of typosquatting is domain name registration. The threat actors register domain names that are very close to the real domain name they\u2019re impersonating, or they incorporate the genuine name and add elements to it. If a domain name isn\u2019t already registered, you can register it. It\u2019s that simple.<\/p>\n<p>If it can be shown that the registration incorporates the name, product, or brand of another company and is likely to deceive the public or penalize the genuine organization, the ownership can be challenged. But that h<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ens post-registration.<\/p>\n<p>Typosquatting is different from cybersquatting. Cybersquatters register domains that they know or hope will be required in the future by other organizations. The domain names are not misspelled, adapted, or misleading. They\u2019re normal domain names for which the cybersquatters predict a forthcoming need.<\/p>\n<p>For example, if they hear that a studio is adapting a book for the screen, they may register a domain in the name of the book. If the studio wants to create a website for its film, it\u2019ll find the name is already registered. They will have to haggle with the cybersquatter to buy it, or take legal action.<\/p>\n<p>Sometimes this happens accidentally. A famous case involved an entrepreneur called Uzi Nissan. In the 1980s He had several businesses named after himself. He registered the domain\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/nissan.com\/\">nissan.com<\/a>\u00a0in 1997, for his computer support company. After Datsun changed their name to Nissan they brought a case against Uzi Nissan, citing trademark infringement and brand dilution, and suing for $10 million. The legal wrangling ran on for eight years. It was finally settled 2007, in Mr.\u00a0Nissan\u2019s favor\u2014but fighting the case cost him $3 million. Nissan Motors currently uses the domain name\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/redirect.viglink.com\/?u=https%3A%2F%2Fwww.nissanusa.com%2F&amp;key=204a528a336ede4177fff0d84a044482\">nissanusa.com<\/a>.<\/p>\n<p>Typosquatting is classed as a form of <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">social<\/a> engineering because it relies on two human traits.<\/p>\n<h2 id=\"how-typosquatting-works\"><span class=\"ez-toc-section\" id=\"How_Typosquatting_Works\"><\/span>How Typosquatting Works<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A typosquatting attack depends on one of two human traits. One is people mistyping a domain name. The other is\u00a0people glance-reading a domain name and seeing what they expect to see.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Catching_Typos\"><\/span>Catching Typos<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>People mistype things, it\u2019s easy to do. Cybercriminals leverage that by registering domain names that are common misspellings of genuine domain names. Each person who mistypes the domain name in a way that matches your misspelled domain name will arrive at your website, not the genuine website.\u00a0cybercriminals often register a whole range of domain names, capturing many variations in the spelling of the genuine domain name.<\/p>\n<p>This trap works because unless the computer rejects what you\u2019ve just typed, you don\u2019t know you\u2019ve made a typing error. If you don\u2019t notice you\u2019ve typed \u201camzon.com\u201d instead of \u201camazon.com\u201d and you\u2019re taken to a website that looks like the Amazon landing page, you\u2019re liable to believe you\u2019re on the real Amazon website.<\/p>\n<p>There are many ways a typosquatting website can benefit typosquatters. It may:<\/p>\n<ul>\n<li><strong>Mimic a Login Page<\/strong>: It will harvest login credentials and other personal data.<\/li>\n<li><strong>Install Malicious Browser Extensions<\/strong>: It may install malicious extensions such as keyloggers or adware in your browser.<\/li>\n<li><strong>Download Malware<\/strong>: Malware such as remote access trojans or keyloggers might be installed on your computer.<\/li>\n<li><strong>Redirect Traffic to Competitors<\/strong>: People might be redirected to a competitor\u2019s website.<\/li>\n<li><strong>Affiliate Fraud<\/strong>: The bogus website may redirect traffic to websites with whom the typosquatters have an affiliate agreement. Websites that have affiliate schemes reward partners who send traffic to them. The typosquatters get paid a tiny amount each time they redirect someone to the affiliate website. They register a host of domain names each based on the genuine website domain name, with a different spelling mistake in it. Simply redirecting that to the genuine website earns the typosquatters some money.<\/li>\n<li><strong>Mimic Download Page<\/strong>s: Typosquatting websites may mimic download sites for software, such as open-source projects. The website visitors download tainted versions of software libraries and developer toolkits instead of the real thing. The fraudulent toolkits and libraries are used in the development of the victims\u2019 own products turning them into a distribution tool for the threat actors\u2019 trojans, malware, and backdoors.<\/li>\n<li><strong>Promote an Ideology<\/strong>: The typosquatting website may present the actual organization in an unfavorable, misleading, or embarrassing manner. This lends itself to hacktivism.<\/li>\n<li><strong>Extortion<\/strong>: The typosquatters may offer to sell the typosquatted domain name to the genuine domain name owner.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Creating_Look-a-Like_Links\"><\/span>Creating Look-a-Like Links<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The other form of typosquatting involves registering domain names that are visually similar to the real domain name. These are used in links in phishing email campaigns.<\/p>\n<p>The fake domain name must look like the genuine domain name, so it is constructed carefully to pass a quick glance. The types of trick used by typosquatters are:<\/p>\n<ul>\n<li><strong>Mimic Letters<\/strong>: Combining letters or digits to look like other letters. If you skim-read it, \u201crnicrosoft.com\u201d looks like \u201cmicrosoft.com\u201d, and \u201capqle.com\u201d looks like \u201capple.com\u201d.<\/li>\n<li><strong>Insert Foreign Characters<\/strong>: This is a more subtle way to mimic letters, with the imposing name of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/IDN_homograph_attack\">IDN homograph attacks<\/a>. Characters like the Greek letters alpha \u201c\u03b1\u201d and omega \u201c\u03c9\u201d are difficult to spot in a typosquatting domain name.\u00a0 If you didn\u2019t know in advance, these two links would probably not raise any suspicions:\n<ul>\n<li><strong>clouds\u03b1vvyit.com<\/strong>: That\u2019s not an \u201ca\u201d in \u201csavvy.\u201d<\/li>\n<li><strong>ho\u03c9togeek.com<\/strong>: That\u2019s not a \u201cw\u201d in \u201chow.\u201d<\/li>\n<\/ul>\n<\/li>\n<li><strong>Wrong TLD<\/strong>: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_Internet_top-level_domains\">The top-level domain<\/a> might be wrong. Domain names like \u201ccloudsavvyit.org\u201d or \u201ccloudsavvyit.net\u201d are convincing because there are no funny characters and everything is spelled correctly.<\/li>\n<li><strong>Adding Words<\/strong>: Words related to the content of the genuine site can be used to mask typosquatting domain names: \u201ctech<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a>-howtogeek.com.\u201d<\/li>\n<li><strong>Removing Letters<\/strong>: A domain name might be subtly trimmed so that it still looks like a feasible domain name: \u201ccloudsavvy.com.\u201d The \u201cit\u201d is missing.<\/li>\n<li><strong>Add Periods<\/strong>: Adding periods to split the domain name is another easy modification that can fail to be spotted. Links are often underlined. This makes it more difficult to spot the inserted\u00a0 periods: \u201ccloud.savvyit.com.\u201d<\/li>\n<li><strong>Removing Periods<\/strong>: Registering a site like \u201cwwwhowtogeek.com\u201d can fool people into clicking a link&gt; It has all the expected components, it\u2019s just missing a period.<\/li>\n<\/ul>\n<p>These links are particularly effective in phishing campaigns because they pass one of the recommended tests. Staff are often told to hover their mouse pointer over a link in an email before clicking it. A tooltip or other on-screen notification will show them the destination of the link. If that matches the content of the email and the wording in the link, it is likely to be trusted.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"How_To_Protect_Your_Organization\"><\/span>How To Protect Your Organization<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You might already be a victim of typosquatting. You can use <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/dnstwister.report\/\">dnstwister.report<\/a> to check.<\/p>\n<p>You can preemptively register typosquatting domain names yourself to prevent others from being able to use those names against you.<\/p>\n<p>Some internet service providers provide typosquatting protection as part of their services. if a user in your organization misspells a common domain name or clicks a look-a-like domain name in a link, they\u2019ll be blocked from connecting to the site. A warning page will tell them why.<\/p>\n<p>Keep an eye on website traffic figures. If it suddenly dips, it might be an indicator that some of your traffic is being siphoned off to a typosquatting site.<\/p>\n<p>Consider setting up and running your own in-house <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Domain_Name_System\">Domain Name System<\/a> server.<\/p>\n<p>Password managers will not offer to enter login credentials unless they are on the genuine domain. Typosquatting websites won\u2019t fool them into logging in.<\/p>\n<p>Awareness is a large part of the solution too. Knowing these traps are out there helps you spot them, so don\u2019t forget to update your staff.\n<\/p><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/11288\/what-is-typosquatting-and-how-do-scammers-use-it\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#What is Typosquatting and How Do Scammers Use it? \u2013 CloudSavvy IT&#8221; Shutterstock\/enterlinedesign One typing mistake and the typosquatters might catch you. It might sound like a cyberpunk thriller but it\u2019s a real cybersecurity threat. We explain what it is and how to protect yourself. What is Typosquatting? Typosquatting uses modified or misspelled domain names&#8230;<\/p>\n","protected":false},"author":1,"featured_media":253453,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/05\/a534e622.jpg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-253452","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/253452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=253452"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/253452\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/253453"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=253452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=253452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=253452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}