Introduction
What if you click on the link by mistake, or simply because you don’t stop to more carefully examine the email? Then, we run into another problem: Typosquatting.
This happens when scammers create lookalike websites so you believe that you are on the legitimate landing page of whatever organization the hacker is trying to emulate.
How It Mimics a URL
The best way to avoid typosquats is to catch the mistake in the URL before you ever follow it to the false website. Hackers will create extremely similar domains to the real address; for example, misspelling Apple as Appie or Yahoo with an extra O.
Here’s how to carefully examine a URL for mistakes.
Check for typos or similar-looking characters. Look for misspelled words, extra characters, or substituted characters (like zero (“0”) for the letter “O”). Also verify the domain extension. Legitimate websites often use common extensions like .com, .net, or .org but make sure that the URL you’re considering matches the extension for the real company website. Always be cautious of unfamiliar extensions. In fact, when in doubt, always open a separate tab and go directly through the verified portal!
Signs of a Typosquat
Sometimes the scammer successfully pressures or entices you into clicking on their link without careful enough inspection.
Since they have already fooled you with the URL in this scenario, it’s now time to look at the page where you’ve been redirected.
- Evaluate visual design: Compare the website’s design with the legitimate site. Inconsistencies in layout, color scheme, or brand voice might be a red flag. Old slogans and logos are also a common sign that the site is illegitimate.
- Examine content quality: Typosquatting sites often have poor grammar, spelling errors, or generic content inconsistent with a real company’s branding. Legitimate enterprises will include professional details and easy ways to contact someone associated with the organization.
- Check for suspicious requests: If the website asks for personal information or financial details, be wary. Legitimate sites rarely request such information upfront. If you are expecting to enter private information, like at an online shopping checkout, then beware odd questions such as requests for your Social Security Number.
Remember, it is ALWAYS best to go through verified websites and portals when you are unsure about a message or request.
Conclusion
If you suspect a website is a typosquat, avoid entering any personal information and close the browser window immediately.
All of this is to say that your online security can be greatly improved by simply slowing down and taking a beat to examine all hyperlinks before you click on them. If you do find yourself following a fraudulent link that mimics a real URL, you can still take the time to carefully look at the webpage where you’ve been redirected.
Education is prevention when it comes to cyber-safety! Stay cyber-aware to stay more cybersecure.