Typosquatting: How online typing errors can lead to identity theft
NORTH WALES, Pa. - May 2, 2012 (WPVI) -- Tiny typos could lead to big problems when you're online. You could make your computer vulnerable to a virus, a scam, or identity theft.
It's all because of a security issue called typosquatting which has reached unprecedented levels of criminals trying to take advantage of the growing popularity of online shopping and social media.
Andrea Lacianca went online to buy some new running gear. She was trying to get to the website for Dick's Sporting Goods. But instead of typing in the entire name Andrea abbreviated it and ended up on a porn website.
"Oh my God, what have I done? And clicked x as fast as possible," she said.
Andrea's husband, Mike, also fell victim.
"I went to Raymour and Flanigan.com. I misspelled it and up popped this other website and just weird things started happening on the computer," Mike said.
Turned out, by going to the other website Mike ended up with a Trojan horse on his system which can give hackers remote access to your computer allowing them to infect it with other malware and even use your system for more nefarious, illegal purposes.
"But I could tell immediately something was wrong. There were pop ups coming up and stuff like that," he explained.
The Laciancas had unwittingly entered into the world of typosquatting also known as URL hijacking.
Typosquatters count on accidental misspellings or other mistakes to get people to their sites. For instance, you may type in dot-org instead of dot-com. Or instead of typing in Twitter.com to get the real Twitter website you may type in twitr.com and get a prize site pop-up.
If you enter in your personal information experts say now you're not just vulnerable to a computer virus but perhaps even worse to identity theft.
Many times, instead of ending up on a site that offers gifts, prizes, or sweepstakes you may end up on a phishing website site that looks just like the legitimate one.
"When you log into what looks like a legitimate merchant site - but it's not and you enter in your user name, your password, or any sort of payment information," said Rob D'Ovidio of Drexel University.
Computer security experts estimate there are thousands of so-called typosquatters. But there are also ways to avoid them. First and foremost pay attention to what you type into your web browser. A good way to get to popular merchants or financial institutions is to go through a search engine.
"Google, yahoo, bing, all the popular search engines are not only going to have legitimate addresses for those merchants and those financial institutions but they're also going to scan those sites for malware to prevent drive-by hacking," D'Ovidio said.
And, of course, use common sense. If a website looks suspicious or fishy it probably is so exit and try again.
For more information on typosquatting:
identity theft, special reports, brian taff
- Oil slicks found in hunt for missing Malaysian jet
- Finally, a nice weekend! 47 min ago
- Get the 6abc StormTracker app
- WATCH: Action News Online
- Police: Bucks Co. mom arrested for Walmart theft
- 5 wounded and hospitalized in Trenton shooting
- Woman trapped after crashing SUV in Darby Boro 45 min ago
- Pa. Trooper's pregnant wife killed by gun discharge
- Suspect sketch in fatal Collingdale hit-and-run
- 2 arrested, 1 sought after cop hit by car in Delco
- West Philadelphia body ID'd as missing woman
- Chaput, Nutter, Corbett announce Vatican trip
- UPenn's Foal Cam gives LIVE view into horse's birth
- Photos: $3.25M summer home in Ocean City, NJ
- Finally, a nice weekend!
47 min ago
6abc.com News Links
Most Viewed StoriesMost Viewed Photos