Special Reports

Typosquatting: How online typing errors can lead to identity theft

Wednesday, May 02, 2012

Tiny typos could lead to big problems when you're online. You could make your computer vulnerable to a virus, a scam, or identity theft.

It's all because of a security issue called typosquatting which has reached unprecedented levels of criminals trying to take advantage of the growing popularity of online shopping and social media.

Andrea Lacianca went online to buy some new running gear. She was trying to get to the website for Dick's Sporting Goods. But instead of typing in the entire name Andrea abbreviated it and ended up on a porn website.

"Oh my God, what have I done? And clicked x as fast as possible," she said.

Andrea's husband, Mike, also fell victim.

"I went to Raymour and Flanigan.com. I misspelled it and up popped this other website and just weird things started happening on the computer," Mike said.

Turned out, by going to the other website Mike ended up with a Trojan horse on his system which can give hackers remote access to your computer allowing them to infect it with other malware and even use your system for more nefarious, illegal purposes.

"But I could tell immediately something was wrong. There were pop ups coming up and stuff like that," he explained.

The Laciancas had unwittingly entered into the world of typosquatting also known as URL hijacking.

Typosquatters count on accidental misspellings or other mistakes to get people to their sites. For instance, you may type in dot-org instead of dot-com. Or instead of typing in Twitter.com to get the real Twitter website you may type in twitr.com and get a prize site pop-up.

If you enter in your personal information experts say now you're not just vulnerable to a computer virus but perhaps even worse to identity theft.

Many times, instead of ending up on a site that offers gifts, prizes, or sweepstakes you may end up on a phishing website site that looks just like the legitimate one.

"When you log into what looks like a legitimate merchant site - but it's not and you enter in your user name, your password, or any sort of payment information," said Rob D'Ovidio of Drexel University.

Computer security experts estimate there are thousands of so-called typosquatters. But there are also ways to avoid them. First and foremost pay attention to what you type into your web browser. A good way to get to popular merchants or financial institutions is to go through a search engine.

"Google, yahoo, bing, all the popular search engines are not only going to have legitimate addresses for those merchants and those financial institutions but they're also going to scan those sites for malware to prevent drive-by hacking," D'Ovidio said.

And, of course, use common sense. If a website looks suspicious or fishy it probably is so exit and try again.

For more information on typosquatting:
http://www.benedelman.org/typosquatting/typosquatting.pdf
http://www.infoworld.com/d/security/typosquatting-hacks-finger-slips-sink-ships-174049
http://www.wired.com/threatlevel/2011/09/doppelganger-domains/
http://www.internetsafetyproject.org/wiki/typosquatting

(Copyright ©2014 WPVI-TV/DT. All Rights Reserved.)

Get more Special Reports »


Tags:
identity theft, special reports, brian taff
blog comments powered by Disqus
Advertisement