Criminals these days are frequently relying on a common strategy to fool potential victims prone to spelling errors or typos.
Simply misspelling a web domain name could lead victims to fraudulent sites designed to deceive consumers and lure them into providing their personal information.
Security experts are calling this trend "typosquatting" or "spoofing," which involves just misspelling one or a few letters in a web domain name. The strategy is based on the concept that it is pretty likely for people to misspell words when they're trying to reach certain websites.
According to BankRate, fake websites modeled after the names of financial institutions are, as one might expect, common traps among fraudsters. For example, a criminal wanting to target Bank of America customers might register "BankofAmerlca.com," which is just one letter off from the bank's actual domain.
The criminal will set up a page that looks very similar to the actual Bank of America website, so customers will believe they are actually accessing their bank accounts and will provide confidential information—which will later be used by fraudsters looking to compromise bank and credit card accounts and steal identities.
While some typosquatting schemes are pretty basic in nature, others can be much more obscure or complex. A recent study, Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse, revealed that out of the 500 domains studied, 447 had at least one malicious typosquatting domain. The domains with the most malicious typosquatting versions included AdultFriendFinder.com (targeted by 132 fradusters), followed by email marketing portal ConstantContact.com and Russian social network Odnoklassniki.ru.
Fortunately, some institutions are catching on, and have taken measures to register for related domain names with common misspellings to protect their firms from fraud. Smaller institutions could be less likely to do so, however, because of costs, experts warn. Although registering a web domain costs just $10 a year, registering, say, 50 web domains over the course of many years could add up in cost.
Consumers can also take measures to better protect themselves. Aside from double-checking that the spelling of the domain name they've entered is correct, they can also check on a bank's website that the address bar on the browser, next to the lock icon, includes the name of the company that registered the site, as long as they're using an up-to-date version of Explorer, Mozilla Firefox or Google Chrome.
Consumers should also remain vigilant about the sites they access, update their anti-virus software and ensure the networks they're using are secure. In addition, they should keep a close eye on their accounts and credit score to be on the look out for any suspicious activity.