CyberScout

How Typosquatting Hacks Can Target Your Company


Typosquatting is perhaps the least sophisticated form of domain name hacking. It relies on user error, specifically the odds of a user mistyping a URL into their web browser. Hackers register a misspelled version of a well-known domain name, such as “gooogle.com” or “gooogl.com” rather than google.com. (Important: do not visit either “gooogle.com” or “gooogl.com”. They are dangerous.)

Once a would-be victim has accidentally connected to a typosquatted domain, hackers can deploy any number of exploits. They will often create a copy of the targeted website but replace the most-clicked links with links to malware, or they might prompt a user to enter their login and password for the “real” site and then use those credentials in credential stuffing attacks on other websites or networks (a technique called “pharming”). Another strategy might involve the installation of a malicious browser extension or phony security software, either of which grants hackers unfettered access to their target’s devices.

One of the more famous examples of typosquatting in recent years involved Reddit.com, one of the world’s most trafficked websites.

A hacker acquired the domain name “reddit.co” and created a facsimile of the Reddit site. The goal was to pharm user credentials. The domain name was identical to Reddit’s except for its suffix, .co, which was designed to identify sites registered in the nation of Colombia. The sole difference, a .co suffix rather than .com (which is reserved for commercial websites), was easily disregarded as one of the vagaries of the mysterious world wide web.

The hacker behind reddit.co also acquired an SSL domain certificate for the facsimile site, which meant the site displayed a green padlock secure symbol on most major web browsers (that is, until it was discovered by security researchers and marked as a fraudulent site). 

“[T]his is an effective scam,” said cybersecurity expert Azeem Aleem of the Reddit hack. “They’ve put in the time and effort to create a remarkably realistic website that even shows a secure SSL certificate in your browser window. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks... what’s more worrying is what this stolen data will be used for, as stolen credentials are used to breach the victim’s other accounts, and carry out sophisticated phishing attacks on friends, colleagues, and family.”
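For a company watching its own proxy or DNS logs, both patterns described above (a near-miss spelling and a swapped suffix) can be caught from the hostname alone, which matters because a valid certificate and padlock do not distinguish the fake. The following is an added example, not code from CyberScout; the function names, the `max_dist` threshold and the sample host list are assumptions made for illustration.

```python
# Added example. Sample hostnames are constructed from the domains named above;
# nothing is resolved or fetched, the check works on strings only.

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "googel" for "google".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(host):
    """Return (name, suffix) from the last two labels.
    Assumption: single-label suffix; production code needs the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

def classify(host, protected, max_dist=2):
    """Label an observed hostname relative to one protected domain."""
    name, suffix = split_domain(host)
    p_name, p_suffix = split_domain(protected)
    if (name, suffix) == (p_name, p_suffix):
        return "legitimate"
    if name == p_name:
        return "suffix-swap"   # same name, different suffix (the reddit.co case)
    if edit_distance(name, p_name) <= max_dist:
        return "typo"          # near-miss spelling (the gooogle.com case)
    return "unrelated"

def flag_lookalikes(hosts, protected):
    """Return {host: verdict} for hosts that imitate the protected domain."""
    verdicts = {h: classify(h, protected) for h in hosts}
    return {h: v for h, v in verdicts.items() if v in ("suffix-swap", "typo")}

# Constructed sample, as might be extracted from proxy or DNS logs.
OBSERVED = ["www.reddit.com", "reddit.co", "old.reddit.co",
            "gooogle.com", "gooogl.com", "example.org"]

if __name__ == "__main__":
    for protected in ("reddit.com", "google.com"):
        for host, verdict in flag_lookalikes(OBSERVED, protected).items():
            print(f"{protected:12} {verdict:12} {host}")
```

A distance threshold of 2 will also match unrelated short names, so in practice it should be tightened for short brand names and the hits reviewed before blocking.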