Typos can get you hacked in latest cybersecurity threat Digital Trends Skip to main content Trending: Wordle Today October 24 Dell XPS 15 vs. Razer Blade 15 Best Dolby Atmos Soundbars iPhone 14 Plus Review Halo Rise vs. Nest Hub 2nd Gen HP Envy x360 13 (2022) Review Best Chromebook Printers Home ComputingNews

Typos can get you hacked in latest cybersecurity threat

By Alan Truly October 24, 2022 7:33AM Share Even a simple and common error like mistyping a domain name can lead to cybersecurity attacks, the latest in the ongoing barrage of malware. Known as URL hijacking or “typosquatting,” this social engineering technique is built upon the knowledge that it’s easy to hit the incorrect key and end up visiting the wrong website. With very little effort, a hacker can copy images, fonts, and text to construct a malware website that looks like PayPal, Google Wallet, Microsoft Visual Studio, MetaMask, and other popular websites. These fake websites are also used in phishing campaigns of all sorts since the similarity of the domain name is useful for a whole variety of confidence stings. URL hijacking and phishing campaigns aren’t new, but there has been a recent increase in them. Bleeping Computer, with a little help from the security firm Cyble, discovered over 200 domains that impersonated popular websites for Android and Windows apps, cryptocurrency and stock trading, as well as subscription services apps. The goal of fake websites for apps would be stealing credentials and infecting your computer or phone with viruses. Any website that involves subscriptions or payments would have the more direct approach of taking your money or cryptocurrency. A common technique with URL hijacking is to add or change one letter. Bleeping Computer gave an example of a trustworthy website for the popular Windows text editor, notepad-plus-plus.org. A malware website exists that simply adds the letter S to the end of “notepad” to create the deceptive domain name. Major browsers include a degree of protection, identifying some fake websites while missing others. To protect yourself, have a close look at the domain name shown in the website address box or do an internet search for the website, app, or service you want to visit. You can’t trust that you’re at an authentic website based on appearance alone.

Editors' Recommendations

Are Windows 11 security features killing your gaming performance? You might be surprised How your boss can spy on you with Slack, Zoom, and Teams Passwords are hard and people are lazy, new report shows Is Microsoft’s new PC cleaner just an Edge ad in disguise? Microsoft data breach exposed sensitive data of 65,000 companies Apple could launch a Frankenstein iPad Pro that runs macOS Instagram’s expanded blocking lets you block a person’s backup accounts Snapchat+ now lets you customize when Snaps on Stories expire Instagram may be adopting this beloved MySpace feature Best laptop deals: Get a portable workhorse from $119 today Reels are about to show up in yet another Facebook feature Best gaming laptop deals for October 2022 Best Apple iMac Deals: Get an Apple desktop for $571 Best Dell XPS Deals: Up to $700 off top-rated laptops Microsoft data breach exposed sensitive data of 65,000 companies Apple quietly launches unprecedented price cuts to its best MacBook Pros We can’t believe how big this Dell business laptop discount is AMD 7000X3D V-Cache CPUs could challenge Intel at CES 2023