Educators have made great strides in teaching digital citizenship to students. Many students now know the value of a strong password (that is, not shared with anyone), common phishing scams via email, and even how to spot fake news sites.
But few students realize that if they misspell a website URL, they may end up at a site that is more than they’ve bargained for.
Cybercriminals have figured out how to scam folks, even those who are trying to do all the right things. It’s likely that this has happened to you or someone you know. You type in the URL and hit Enter, not realizing that you made a small typo in the address. But you end up at the intended site, or so it seems, so you don’t catch your error.
Little do you know that those criminals have planned for your typo and created a mock site at which they hope to solicit personal information from you and/or gladly share malware with your system. The term given to this type of nefarious activity is typosquatting; you may have also heard of it by other names such as URL hijacking or cybersquatting.
To counter this, many retailers purchase misspellings of their own URL and have it automatically direct users to the intended URL. Those retailers who aren’t quite so savvy, or slow to purchase the misspelled domains however, may find that the criminals are getting free traffic each time a user accidentally makes that typo.
For example, Google’s main site is http://www.google.com. But they also have these other domains that, if you type, will automatically direct you to the correct page: gooogle.com (notice the additional “o”), googel.com (it should be “le”), and gogle.com (oops! an “o” is missing).
Strategies to Lessen the Likelihood of Being a Victim
Check Your Spelling
If you are typing the URL in the search box, be sure that you are typing the address accurately. Just a small typo can land you on a website that can be nefarious and damaging to your computer. If you have ended up at a typosquatting website, check to see if your browser allows you to block specific websites. If so, add the site to your list to prevent the mistake from happening again.
If you aren’t sure if your browser has this feature, check out Computer Hope’s post; you’ll find a variety of ways to block the website to protect you and others that may share your computer.
Verify Before You Click
If you are clicking on a link, be sure to check the spelling of the domain before clicking on the link. It is very easy to read what we think something says instead of what it really says, like the word puzzles that have “the the” in the sentence, but our minds only read it as one “the.”
If the URL is in a hyperlink in which the text is different than the URL, mouse over the hyperlinked text; you should notice the URL appear (typically in the bottom left of your browser). Paying attention to this can greatly reduce the chances that your computer is compromised by hackers who are creative enough to use typosquatting as one of their strategies.
Educate Your Users
If you are in a position that supports users and manages the network at your district, it is important to provide clear instruction and education to your employees. Though you probably already have SPF and DKIM included in your DNS and are utilizing anti-spoofing technology, don’t underestimate the creativity of hackers. After providing adequate training, make use of designated emails to catch those who are employing the strategies. All it takes is one user to infect their machine, which can then quickly spread to other users.
This education isn’t just limited to adult users. It is important for students to have appropriate information included as part of their digital citizenship curriculum. Also, it may be helpful (and appreciated) if basic information and strategies are shared with parents.
Are You Already a Victim of Typosquatting?
If you think you’ve been a victim, contact your information technology department. They can guide you in current strategies that are being used in the district, as well as specific recommendations for trusted browsers and possible browser extensions to use. They can also help make sure that your antivirus software is installed correctly and updates regularly without any effort on your part.
At TCEA, we want you to be safe as you surf the internet. For more information on how you can stay safe, check out our other posts related to cybersecurity, such as Five Cybersecurity Tips for Newbies and How to Adopt a Security Mindset, at https://blog.tcea.org/category/cybersecurity.