Typoquatting? What’s that now?

What is typosquatting? People are generally very bad at reading and understanding links they receive to websites and lots of people experience this.

Can you give me an example?

So for example if you were to go to the website b-Bravo o-Oscar i-India dot ie you will go to the official Bank of Ireland website, where you can access personal banking and business banking etc.

If you were to be given a link to b-Bravo o-Oscar l-Lima dot ie, that kinda looks like the correct link. It could take you to a clone website that looked like the Bank of Ireland website at that address. You could be fooled into providing lots and lots of personal information and access information to your account.

www.boi.ie

www.bol.ie

So that’s how they can potentially compromise you.

Any others?

Similarly you might have a situation where you are used to logging into the administration console for your Microsoft or Google accounts. Which would usually be accessed by going to admin.google.com or admin.microsoft.com.

But if you were given a link that says admingoogle.com or adminmicrosoft.com and then you were presented with a login page to access your account. That way, if you did that, these guys could potentially get your credentials for the admin portal and they could wreak a lot of havoc with that.

admin.google.com

admingoogle.com

In that situation something like a password manager would be very helpful, it would prevent you entering your passwords into that portal.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 065 Typosquatting appeared first on L2 Cyber Security Solutions Ltd..

Essentially this is where the bad guys have a web page at an address that is very very very close to the spelling of a popular or well known webpage and they count on you having a typo and either missing a letter (e.g. instgram.com) or hitting an adjoining letter (e.g. facebooo.com) in error.

Don’t try this on your desktop/laptop/tablet/phone. I have a separate, sacrificial machine which I can use for such things.

I tried to access www.instgram.com (missing the “a” in the middle) and received the following page:

Notice the address where it is going to (circled in yellow) – that is not an Instagram address, but some sort of ad/advertising address.

When I clicked to continue, I got:

I didn’t continue any further, as I googled gr8musik.com and the results indicated it was a scam site, which if you registered with it, would take money from your credit card, even though you were supposed to be in some kind of a free trial period.

Similarly, I tried www.facebooo.com (an “o” instead of the “k”) and got the following:

This was just some kind of survey. But you never know what you will get. A subsequent attempt to go to www.instgram.com brought me to the survey, followed by the survey (again), followed by a sign-up form for mcplayz.com (identical to the above gr8musik.com). So these crooks are randomly sending you to different pages trying to compromise you in someway.

According to this post, the victim’s typo sent him to a “Technical Support” page, where he was advised that his PC was locked and he needed to telephone for support. If he did this, the scammers at the other end of the line would have talked him through giving them remote access to the PC and then they would have totally locked him out and looked for his credit card details to “fix” the problem.

Some pages reached by a typo try to apparently show you a video, but then indicates there is a problem and that you need to download a specific video player to watch it. For example, the following headline is tempting you to watch the video to get your hands on software worth $7,000.

These will typically download what is referred to as adware, and if you read our last week’s post about the Fireball adware, you can see  how insidious that adware can be. Adware will take control of your browser and fire ads at you while you are trying to use the internet. It might also re-direct your searches to odd search engines, which will likely attempt to track you and violate your personal privacy on the internet.

So just be careful when typing addresses. Better still use bookmarks.

If you do inadvertently get taken to some page that you never intended to go to, just close the browser immediately by way of the X in the top right-hand corner of the window. You might get warnings about losing data, just ignore them and close that browser. It would do no harm to run a spyware check on your PC at this point, in case any adware did manage to sneak in without your knowledge or permission. There are free tools from Malwarebytes or Safer Networking that can do this for you, but you might want to also talk to some real life technical support (a techy friend or the IT team in your place of employment) about it and have them give your PC a once over.

Whatever you do, don’t continue to engage with a website that you weren’t intending to visit and stay safe.

The post How a typo can cause you problems. appeared first on L2 Cyber Security Solutions Ltd..