Mistyped URLs can land you in hot water, explains Greg Day, security analyst at McAfee
Just when you thought you were on top of the risks online, another threat presents itself. Twenty years ago we learnt that infected floppy disks could spread viruses, so we learnt how to deal with that. Then we got used to social engineering techniques and stopped clicking on every link or file we were sent. But the evolution of threats didn’t stop there, and we have since been learning to deal with spam, phishing and other online scams to make sure that our personal information is not being targeted. However, that’s not the end of it, as even our own spelling errors can land us in trouble, with typosquatters just waiting for us to make mistakes.
Typosquatting is the term used to describe how malicious-minded Internet fiends prey on those of us who mistype web addresses: they register common misspellings of popular domain names and products, then redirect those who make mistakes to alternative websites. In fact, a typical person misspelling a popular URL has a 1 in 14 chance of landing at a typosquatter site.
These sites – run by the typosquatters – then generate click-through advertising revenue, lure unsuspecting consumers into scams, harvest email addresses in order to flood unsuspecting Internet users with unwanted email and can even result in malware infections. This just goes to show that when it comes to keeping yourself secure on the Internet, it’s an ever-moving target and there is a real need to continuously question the validity of sites and sources in order to maintain your Internet safety.
The use of URLs that look like the real thing but are in fact far from it should come as no real surprise. Just as phishing emails replicate valid messages from banks and the perpetrators of malware attempt to make you download a file by claiming it is something that will appeal to you, the bad guys out there know what the average Internet user is interested in and what will appeal to the greatest number of surfers.
This tactic is no different to physical retailers trying to pass off fake goods as something altogether more legitimate. It’s important to learn what to look out for, as at worst, typosquatting can lead to innocent computer users becoming the victims of online scams or “get rich quick” tricks.
If your business has an online presence, the danger is that your customers may unwittingly be lured from your site to one that may well look similar at first glance but is far from it. A recent example of a brand that has been targeted by typosquatters is the iPhone – although it was released fairly late in 2007, it was predicted that by the end of that year there would be approximately 8,000 URLs using “iPhone”. Gaming sites and airline sites also emerged as being highly squatted.
So with the way that online villains constantly change approach to try to trick us, how can we maintain good security and protect our identity? Well, the reality is that those bad guys are always trying to stay one step ahead of us, but we don’t need to let them. The bottom line is that if you’re not sure of the URL you’re looking for, you’re far safer using a search engine than trying to make a guess. If we stay alert, are careful with the information we share and the websites we visit, and also use security technology to block or highlight risks, there is no reason why we can’t continue to get the most out of the Internet. With the right approach, the Internet can continue to play a pivotal role in our lives and we can protect our friends and families from those who will continue to try to trick us.
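As an added illustration of technology that can "highlight risks" (this is not code from the article or from McAfee), the Python sketch below flags hostnames seen in DNS or proxy logs that are near misses of domains a business owns. The protected list, the observed hostnames and the choice of "one edit away" as the definition of a misspelling are all assumptions made for the example.

```python
# Added example: flag hostnames seen in DNS/proxy logs that are near misses of
# domains you own. PROTECTED and OBSERVED are constructed sample data.
PROTECTED = {"example.com", "example-bank.co.uk"}
OBSERVED = ["www.example.com", "exmaple.com", "examle.com", "wwwexample.com",
            "example-bank.co.uk", "exampel-bank.co.uk", "unrelated.org"]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def normalise(host):
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def check(host, protected=PROTECTED, max_distance=1):
    """Return (protected_domain, reason) for a lookalike, or None."""
    h = normalise(host)
    if h in protected:
        return None  # the real site
    for p in sorted(protected):
        if h == "www" + p:
            return (p, "missing dot after www")
        d = osa_distance(h, p)
        if d <= max_distance:
            return (p, f"edit distance {d}")
    return None

def scan(hosts):
    """Map each suspicious host to the domain it imitates and why."""
    return {h: hit for h in hosts if (hit := check(h)) is not None}

if __name__ == "__main__":
    for host, (target, reason) in scan(OBSERVED).items():
        print(f"{host} -> looks like {target} ({reason})")
```

A hit only means the name resembles a protected domain; who registered it and what it serves still has to be checked before blocking or reporting.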
McAfee International Ltd is exhibiting at Infosecurity Europe 2009, Europe’s number one dedicated Information security event. Now in its 14th year, the show continues to provide an unrivalled education programme, the most diverse range of new products & services from over 300 exhibitors and 12,000 visitors from every segment of the industry. Held on the 28th – 30th April 2009 in Earls Court, London this is a must attend event for all professionals involved in Information Security. www.infosec.co.uk
Source: Infosec PR