What is typosquatting?
Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).
Consider this scenario:
You type the name of a website in your browser, but you accidentally misspell it. So instead of typing facebook.com, you type faceboo.com, or instead of typing twitter.com, you type twiter.com. In most cases, the mistake is harmless. You'll either get an error that the site can't be found, or the misspelled domain name will lead you to the correct one if the company has purchased and registered the incorrect name.
In other cases, however, that misspelled name could actually lead you to a site from a rival company or even to a malicious site. Now imagine that happening to your own organization's website. A report released Wednesday by Digital Shadows describes the sneaky process of typosquatting (purchasing and redirecting a misspelled domain name), how it's affecting websites for several presidential candidates, and how it can affect a company.
In its research into typosquatting, Digital Shadows discovered more than 550 fake election domains set up against the 19 Democrats and four Republicans running for president as well as Republican Party funding sites. Among these counterfeit but registered Internet domain names, 68% redirect to another domain, often from a rival candidate. For example, the address Tulsi2020.co redirects to marianne2020.com. The address elizibethwarren.com redirects to donaldjtrump.com. The address winrde.com, a misspelling of WinRed.com, a platform to raise funds for Republican candidates, redirects to ActBlue, a fundraising site for the Democratic Party.
However, typosquatting can also lead a user to a malicious site. In its research, Digital Shadows found that six domains affecting Democratic Party candidates Joe Biden, Tulsi Gabbard, and Andrew Yang, as well as party funding pages, redirect to Google Chrome extensions for "file converter" or "secure browsing." If downloaded and installed, these extensions can be used to infringe on voter privacy and potentially deploy malware, according to the report.
Out of the more than 550 typosquatted domains, 66 were hosted on the same IP address and possibly operated by the same person. As Digital Shadows points out, that shows how easy and fast it can be for someone to register multiple fake domains, a problem that's likely to get worse the closer we get to the November 2020 Presidential election.
"Setting up a fake domain is easy with virtually no checks from the organization selling the address," Harrison Van Riper, a research analyst at Digital Shadows, said in a press release. "It's easy for malicious actors to dupe voters and just as easy to impersonate brands and companies to commit fraud. It's a problem we see every day."
In its report, Digital Shadows provides words of advice both for voters and for organizations to protect themselves against typosquatting and fake domains.
For voters concerned about fraud:
For organizations concerned about their own websites:
Letowon Saitoti Abdi
Senior Technical Support officer
|Digital Security Training|
From: 01-May-2019 to: 31-May-2019