Typosquatting is when a cybercriminal registers a domain closely related to a legitimate domain, in the hopes to lure unaware users onto the site. An example would be a cybercriminal registering yahooo.com or yaahoo.com in the hopes that whoever is trying to access yahoo.com misspelled it and thusly is directed to their website. This is why it is known as typosquatting, as cybercriminals rely on users to misspell a certified domain and access theirs instead.
Usually, the typo-squatted domain looks exactly like the real domain, and it lures users to input their login credentials so that they can acquire personal information. This causes people to then have their accounts compromised and any information on them as well.
How do I prevent being a victim of Typosquatting?
- Type the website into a search engine and not the web browser
- Verify that the website is using HTTPS (The lock icon in the left part of your web browser)
- Bookmark the legitimate website so that you don’t have to enter the website into the web browser
- Verify that everything is spelled correctly in the web browser
- Hover over the URL link in the search engine to verify that the URL that pops up is for the correct website
Typosquatting, although an easy social engineering attack to avoid, can still cause damage if not careful. I recommend following the above steps, and you will be safer on the Internet.