LAFAYETTE, La. (KLFY)- Experts are alerting residents to beware of typosquatting or URL hijacking.
Typosquatting is a scam that happens when con-artists buy the misspellings of web addresses to get online traffic from typing errors.
“Typosquatting is basically the purchase of different domains that are similar to legitimate domains so things like g-o-g-g-l-e would be a typosquatting on the google domain,” Evan Patterson, Supervisory Senior Resident Agent with the FBI, said. “These are generally used in fraud, whether it’s advertising, whether it’s drive by downloads, sometimes they’ll set up similar companies.”
Chris Babin, with the Better Business Bureau of Acadiana, added, “It’s become a lot more prevalent over the last year with the amount of online traffic that’s increased, and basically, what scammers are doing is creating lookalike websites to convince consumers when they might accidentally type in the wrong address or they’re not sure of the right web address and go to a lookalike website that’s not the actual website that they’re trying to go to.”
When people mistype the wrong address, they may be directed to another website that looks similar to the one they wanted to visit.
“You think you’re going to the valid domain,” said Patterson. “You think you’re going to the actual company, and then, of course, you end up somewhere else. You don’t know what that website has on it, you don’t know the individual or the organization behind it, and so those are some of the reasons why we’re concerned about it.”
Cybercriminals try to stick as close as possible to the original domain name with common typos or misspellings so users will overlook the mistake.
“What they’re hoping to do is impersonate a brand or a store, an online marketplace that we already know and trust. They’re hoping to get some type of identity information from you, maybe a social security number, a date of birth, or potentially have you purchase something on their website thinking that you’re at the actual online store,” explained Babin.
“When individuals go to a particular websites, obviously, make sure you’re typing that in correctly. The other way to do it is to go to a legitimate search engine, and put the website in there, and then, make sure you’re clicking on the right one,” said Patterson. “Often times, there will be ads at the top. Make sure you scroll down past those ads and click on the actual website that you’re looking for, and that way you can make sure you’re looking for legitimate domains instead of some of these typosquatting domains.”
These sites can even install malware on computers. Here are some tips from the Better Business Bureau to avoid typosquatting scams:
- Take your time. Typosquatting takes advantage of people who get in a hurry and don’t pay attention.
- Double check the spelling after typing in a web address and before hitting “Enter.” Look for HTTPS at the website address in the search bar.
- Register common alternate spellings of domains for your business, including variations with plurals and hyphens. If you own all the similar domains, cybercriminals can’t use them against you.
- Report suspicious websites to the Internet Crime Complaint Center at https://www.ic3.gov/.
If you have a scam you’d like me to investigate, feel free to send me an email at email@example.com.