Typosquatting/URL Hijacking

Have you ever wondered how much can a misspelled word cost you?

Imagine a scenario where instead of entering the URL “www.google.com”, you mistakenly entered “www.foogle.com” or “www.goggle.com”. It frequently happens in our day-to-day life that sometimes we end up entering a similar wrong URL with having just 1 or 2 additional or mismatched letters.

Typosquatting comes into picture when such typographical errors is made by the Internet users. If a user accidentally enters a wrong website address into the browser, the entered address may redirect the user to an alternate website that is usually designed by the hackers for malicious purposes. The alternate website owner gets free traffic. The hackers usually target well-known domains like Facebook, Google etc.

Causes of Typosquatting:

  1. Enter the misspelled domain name into the browser.
  2. Enter the wrong domain extension (such as .com instead of .org).
  3. Forget to include hyphen for a domain that includes a hyphen [NOTE: hyphen is the only special character allowed in the IDNS].
  4. Spelled differently from the registered one (such as colour instead of color).
  5. Threats of Typosquatting:
    All kinds of Internet theft is possible through Typosquatting. It can be very dangerous if the URL of a misleading domain is being entered. It can:

    1. Redirect to an alternate website used for a malicious purpose such as phishing.
    2. Install malware or Ransomware to the PC without even clicking on the site.
    3. Steal confidential data of the Internet users such as credit card information.
    4. Steal the identity of the users for the purpose of Identity theft.
    5. Expose the users to Internet pornography.
    6. Preventive Measures:
      It is highly recommended to be careful while typing the domain name of a website. Apart from that, the following ways can be adapted to avoid typo-squatting.

      • Bookmark or Pin Tab the websites that are frequently visited.
      • Speech recognition softwares can be used to visit popular URLs such as www.google.com.
      • Perform web searches and then click on the intended site from the web search results.
      • Keep the antivirus software updated.
      • Never click links in chats, messages, emails provided by suspicious senders.
      • If you own a domain, try to register its typo versions before the hackers.


      My Personal Notes arrow_drop_up

      Check out this Author's contributed articles.

      If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

      Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.