Typosquatting dupes unwary
Similar but false URLs often lead to malicious software
The proliferation of fake news has shone a light on another murky corner of the Web — the practice of typosquatting.
These are the URLs that pass for common ones — say Amazoon.com instead of Amazon.com — if the user isn’t paying close attention to the Web address.
Always eager to capitalize on human inattention, cyber criminals have embraced this method of registering a commonly misspelled Web address to use as a base for the distribution of malware or to steal information from unsuspecting users.
“They create a site that looks essentially like the real one, at least on the surface. It’s fairly straightforward to do, and then you’re simply relying on human nature to not notice,” said Steve Grobman, chief technology officer at Intel Security.
Sometimes called URL hijacking, multiple sites have been hit with the ploy, including usatoday .com (usatodaycom.com) and abcnews.com (abcnews.com.co).
The technique can make made-up stories seem more le- gitimate and give them a brief but powerful ride in legitimate news sites until they’re debunked. Such articles played a role in this year’s presidential election, though how much they influenced the outcome is unknown.
On Nov. 17, a fake story claimed to report someone paid $3,500 to protest at rallies for then-presidential candidate against Donald Trump. The story was credited to the Associated Press, though it was not from that legitimate news outlet and appeared on the fake news site abcnews.com.co.
The story was in fact created by Paul Horner, who earns his living writing fake stories and who told The Washington Post he made $10,000 each month selling ads on his fake news sites.
In May, the same fake ABC site published a “story” that Michael Jordan was threatening to move his NBA team from Charlotte unless the state repealed a recently-passed law that kept transgender people from using the bathroom of their current, as opposed to original, gender.
The fake story was picked up by multiple outlets before it was finally unmasked as a hoax.
Fraudsters use counterfeit sites as phishing farms, trying to entice those who visit them to fill out personal information that can be used to steal credentials and other potentially saleable information.
Companies can’t always protect themselves against this type of fraud because they can’t register every conceivable variant on their names.
“It’s too expensive and inefficient. Though they do tend to register the most common typos. Then they just have to monitor,” said Akino Chikada, senior brand protection manager with Mark-Monitor, a San Francisco-based company.
Many security software programs are fairly effective against blocking such typo-ridden URLs if they go to a known malware-infected site, but some can slip through, Grobman said.
The key is awareness and taking an extra moment to stay safe. That includes glancing at a URL before accepting it as valid.
“They create a site that looks essentially like the real one, at least on the surface. ... Then you’re simply relying on human nature to not notice.” Steve Grobman, chief technology officer at Intel Security