Be careful what you type: scams (and malware) lurk in misspellings

Be careful what you type: scams (and malware) lurk in misspellings

We all make typing mistakes, but due to a new type of scam, your fat fingers could cost you—big time.

It’s called typosquatting—creating a website that has a domain name that’s very similar to a legitimate, popular website, but takes advantage of common misspellings or accidental keystrokes. Examples recently discussed in the media include “twtter.com,” “wikapedia.com” and “googgle.com,” all designed to trick unsuspecting web users into visiting a malicious website.

At best, typosquatting websites simply display ads, objectionable material, or could be a storefront for goods of questionable authenticity.

At worst, these fake sites can look so real, they can trick you into revealing your login or payment credentials, or even place backdoors into your computer system or install ransomware without your knowledge.

Lately, scammers have been taking their efforts a step further by purchasing addresses that have “.om” endings (the domain suffix for the country of Oman) because it’s an easy typing mistake from “.com.” Don’t visit them, but know that addresses such as twitter.om, lego.om, icloud.om, marriot.om, panasonic.om and pizzahut.om have all been registered to people not associated with the real brands.

Sometimes companies do purchase web addresses that are common misspellings of their URLs and automatically redirect their customers (amazn.com is one)…but that is not always the case.

malware googleGoogle’s Transparency report shows how many phishing sites or malware sites the company detects each week—and it’s a lot. As of April 3 there were 16,127 malware sites and 43,987 phishing sites.

Don’t think it can happen to you? Think again. Read what happened to one of our employees…

A BendBroadband case study

“I keep thinking back and wonder if I would have done anything different knowing what I know now…but my answer is no. It was all just so convincing.”

Molly, a BendBroadband employee, was at home on her computer and typed in the URL for a popular healthcare company—or so she thought. Immediately, her screen turned blue and displayed a message telling her: “Your TDS computer has been compromised. Call the TDS approved number below to place a ticket.”

Because BendBroadband’s parent company is TDS Telecom, Molly didn’t think twice about calling the number. The person on the phone said they were with Microsoft, handling these cases on TDS’ behalf. The phone advisor sent Molly a link so he could remote in to her computer to see what was going on.

After gaining access to her computer, the person on the phone told Molly her machine was infected by the kaboto virus. Fortunately, that was the moment she started to get suspicious.

“The virus name was really odd, so I grabbed our iPad and looked it up on Google while he was talking.”

While she was doing her search, Molly was told she would need to pay $250 to clean the virus off her computer and that she would need monthly or even weekly cleanings moving forward. She was also asked whether she did any personal banking on her machine.

ID-10079658

By this time Molly had discovered that the “virus” wasn’t real and it was all part of a scam. She hung up the phone, turned off her computer and tried not to panic. Six minutes had passed since the “advisor” had gained remote access to her computer.

Soon, TDS’ real Remote PC Support team discovered the scammer’s digital fingerprints all over her files—likely scanning for information to steal her identity—and her computer was being loaded with inappropriate material. All in six minutes.

“It’s just so embarrassing to fall for something like that. But there were no red flags—it was all so sophisticated.”

What can you do?

It’s probably close to impossible to avoid all typosquatting websites because no one’s typing accuracy is 100 percent. However, there are things you can do help minimize your risk:

  1. Double-check your URL location. Since you probably can’t reduce the circumference of your fingers, be sure to check web addresses after the page loads. If you’ve really arrived at amazn.om and not amazon.com, don’t click on any links. Leave immediately (and it might not be a bad idea to clear your browser cookies too).
  2. Don’t type URLs directly. Rather than risking typos, it could be safer to simply use a reliable search engine such as google.com or yahoo.com to find the site you want (but make sure those search site URLs are right too!).
  3. Be skeptical—don’t click links. When in doubt, don’t call or click the links you see on your screen. Follow the guidelines for scareware and/or phishing scams. Also, don’t hesitate to reboot your computer (a hard restart) if necessary to get rid of any popup messages.
  4. If you did call or click, run antivirus software immediately. Make sure that software is up to date or malware might slip through. If you’re not sure, you might want to do what Molly did—call the experts. Remote PC Support is available as a subscription service or on a one-time basis. They can help you diagnose and resolve any problems.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Sorry, comments are closed for this post.