Typosquatting: How online typing errors can lead to identity theft
NORTH WALES, Pa. - May 2, 2012 (WPVI) -- Tiny typos could lead to big problems when you're online. You could make your computer vulnerable to a virus, a scam, or identity theft.
It's all because of a security issue called typosquatting which has reached unprecedented levels of criminals trying to take advantage of the growing popularity of online shopping and social media.
Andrea Lacianca went online to buy some new running gear. She was trying to get to the website for Dick's Sporting Goods. But instead of typing in the entire name Andrea abbreviated it and ended up on a porn website.
"Oh my God, what have I done? And clicked x as fast as possible," she said.
Andrea's husband, Mike, also fell victim.
"I went to Raymour and Flanigan.com. I misspelled it and up popped this other website and just weird things started happening on the computer," Mike said.
Turned out, by going to the other website Mike ended up with a Trojan horse on his system which can give hackers remote access to your computer allowing them to infect it with other malware and even use your system for more nefarious, illegal purposes.
"But I could tell immediately something was wrong. There were pop ups coming up and stuff like that," he explained.
The Laciancas had unwittingly entered into the world of typosquatting also known as URL hijacking.
Typosquatters count on accidental misspellings or other mistakes to get people to their sites. For instance, you may type in dot-org instead of dot-com. Or instead of typing in Twitter.com to get the real Twitter website you may type in twitr.com and get a prize site pop-up.
If you enter in your personal information experts say now you're not just vulnerable to a computer virus but perhaps even worse to identity theft.
Many times, instead of ending up on a site that offers gifts, prizes, or sweepstakes you may end up on a phishing website site that looks just like the legitimate one.
"When you log into what looks like a legitimate merchant site - but it's not and you enter in your user name, your password, or any sort of payment information," said Rob D'Ovidio of Drexel University.
Computer security experts estimate there are thousands of so-called typosquatters. But there are also ways to avoid them. First and foremost pay attention to what you type into your web browser. A good way to get to popular merchants or financial institutions is to go through a search engine.
"Google, yahoo, bing, all the popular search engines are not only going to have legitimate addresses for those merchants and those financial institutions but they're also going to scan those sites for malware to prevent drive-by hacking," D'Ovidio said.
And, of course, use common sense. If a website looks suspicious or fishy it probably is so exit and try again.
For more information on typosquatting:
identity theft, special reports, brian taff
- 2 dead in Pennsauken doctor's office shooting ID'd
- Stormy to spectacular
- WATCH: Action News Online
- Get the new 6abc StormTracker app
- Tire dumping probe targets Wilmington shop
- Paraplegic man castrated in SW Phila. attack
- Police: Girl used in theft at Phila. nail salon
- Chrysler recalls 2.7 million Jeeps
- Teacher charged again for indecent exposure
- Construction worker killed on way to job
- US: Unruly traveler had worked at State Department
- 2 sought in Rehoboth Beach credit card fraud
- $325,000 Cash 5 ticket sold in Philadelphia
- Phillies activate Carlos Ruiz from disabled list
6abc.com News Links
Most Viewed StoriesMost Viewed VideoMost Viewed Photos