Typosquatting: How online typing errors can lead to identity theft
NORTH WALES, Pa. - May 2, 2012 (WPVI) -- Tiny typos could lead to big problems when you're online. You could make your computer vulnerable to a virus, a scam, or identity theft.
It's all because of a security issue called typosquatting which has reached unprecedented levels of criminals trying to take advantage of the growing popularity of online shopping and social media.
Andrea Lacianca went online to buy some new running gear. She was trying to get to the website for Dick's Sporting Goods. But instead of typing in the entire name Andrea abbreviated it and ended up on a porn website.
"Oh my God, what have I done? And clicked x as fast as possible," she said.
Andrea's husband, Mike, also fell victim.
"I went to Raymour and Flanigan.com. I misspelled it and up popped this other website and just weird things started happening on the computer," Mike said.
Turned out, by going to the other website Mike ended up with a Trojan horse on his system which can give hackers remote access to your computer allowing them to infect it with other malware and even use your system for more nefarious, illegal purposes.
"But I could tell immediately something was wrong. There were pop ups coming up and stuff like that," he explained.
The Laciancas had unwittingly entered into the world of typosquatting also known as URL hijacking.
Typosquatters count on accidental misspellings or other mistakes to get people to their sites. For instance, you may type in dot-org instead of dot-com. Or instead of typing in Twitter.com to get the real Twitter website you may type in twitr.com and get a prize site pop-up.
If you enter in your personal information experts say now you're not just vulnerable to a computer virus but perhaps even worse to identity theft.
Many times, instead of ending up on a site that offers gifts, prizes, or sweepstakes you may end up on a phishing website site that looks just like the legitimate one.
"When you log into what looks like a legitimate merchant site - but it's not and you enter in your user name, your password, or any sort of payment information," said Rob D'Ovidio of Drexel University.
Computer security experts estimate there are thousands of so-called typosquatters. But there are also ways to avoid them. First and foremost pay attention to what you type into your web browser. A good way to get to popular merchants or financial institutions is to go through a search engine.
"Google, yahoo, bing, all the popular search engines are not only going to have legitimate addresses for those merchants and those financial institutions but they're also going to scan those sites for malware to prevent drive-by hacking," D'Ovidio said.
And, of course, use common sense. If a website looks suspicious or fishy it probably is so exit and try again.
For more information on typosquatting:
identity theft, special reports, brian taff
- Photos: 24 wanted in Phila. insurance fraud scheme
- Mostly sunny, very windy today
- Get the 6abc StormTracker app
- WATCH: Action News Online
- Pizza deliveryman ID'd in police shooting 44 min ago
- Eye doc grew pot in Delco home, police say 30 min ago
- Police ID man found dead in Centreville driveway 20 min ago
- Wildfire risk prompts Red Flag Warning for NJ 5 min ago
- Road reopens months after Frankford water main break 35 min ago
- Man shot multiple times in West Philadelphia 20 min ago
- Fmr. Devon Prep teacher faces child porn charges
- Woman charged in NJ man's overdose death
- New 'object of interest' in missing jet hunt
- Photos: Suspects wanted by Philadelphia Police
- Eye doc grew pot in Delco home, police say
30 min ago
- Pizza deliveryman ID'd in police shooting
44 min ago
6abc.com News Links
Most Viewed StoriesMost Viewed Photos