Be careful what you type: scams (and malware) lurk in misspellings

 

We all make typing mistakes, but due to a new type of scam, your fat fingers could cost you—big time.

ID-10079658It’s called typosquatting—creating a website that has a domain name that is super similar to a legitimate, popular website, but takes advantage of common misspellings or accidental keystrokes. Examples recently discussed in the media include “twtter.com,” “wikapedia.com,” or “googgle.com,” and are all designed to trick unsuspecting web users into visiting a malicioius website.

At best, typosquatting websites will simply display ads, objectionable material, or could be a storefront for goods of questionable authenticity.

At worst, these fake sites can look so real, they can trick you into revealing your login or payment credentials, or even place backdoors into your computer system or install ransomware without your knowledge.

Lately, scammers have been taking their efforts a step further by purchasing addresses that have “.om” endings (Oman’s country suffix) because it’s an easy typing mistake from “.com.” Don’t visit them, but know that addresses such as twitter.om, lego.om, icloud.om, marriot.om, panasonic.om, and pizzahut.om have all been registered to people not associated with the real brands.

Sometimes companies do purchase the web addresses that are common misspellings of their URLs and automatically redirect their customers (amazn.com is one)…but that is not always the case.

malware googleGoogle’s Transparency report shows how many phishing sites or malware sites the company detects each week—and it’s a lot. As of April 3 there were 16,127 malware sites and 43,987 phishing sites.

Don’t think it can happen to you? Think again. Read what happened to one of our employees.

A TDS case study

“I keep thinking back and wonder if I would have done anything different knowing what I know now…but my answer is no. It was all just so convincing.”

Molly, a TDS employee, was at home on her computer and typed in what she thought was the URL for a popular healthcare company—or so she thought. Immediately her screen turned blue and displayed a message telling her: “Your TDS computer has been compromised. Call the TDS approved number below to place a ticket.”

Since TDS was her provider and we assign tickets for service, she didn’t think twice about calling the number. The person on the phone said they were with Microsoft, handling these cases on TDS’ behalf. The phone advisor sent Molly a link so he could remote in to her computer to see what was going on.

She was told her computer was infected by a virus. When she asked which one she was told it was the kaboto virus. Fortunately, that was the moment when Molly started to get suspicious.

“The virus name was really odd, so I grabbed our iPad and looked it up on Google while he was talking.”

While she was doing her search, the phone advisor told her she would need to pay $250 to clean the virus off her computer and that she would need monthly or even weekly cleanings moving forward. She was also asked whether she did any personal banking on her machine.

By this point Molly had discovered that the “virus” wasn’t real and it was all part of a scam. She hung up the phone, turned off her computer, and tried not to panic. Six minutes had passed since the “advisor” had gained remote access to her computer.

TDS’ real Remote PC Support team discovered the scammer’s digital fingerprints all over her files—likely scanning for information to steal her identity—and her computer was being loaded with inappropriate material. All in six minutes.

“It’s just so embarrassing to fall for something like that. But there no red flags—it was all so sophisticated.”

What can you do?

It’s probably close to impossible to avoid all typosquatting websites because no one’s typing accuracy is 100%. However, there are things you can do help minimize your risk:

  1. Double-check your URL location. Since you can’t probably stop yourself from having fat fingers (who can?), check the web address after you’re there. If you’ve really arrived at amazn.om and not amazon.com, don’t click on any links. Leave immediately (and it might not be a bad idea to clear your browser cookies too).
  2. Don’t type URLs directly. Rather than risking typos, it could be safer to simply use a reliable search engine such as google.com or yahoo.com to find the site you want (but make sure those search site URLs are right too!).
  3. Be skeptical—don’t click links. When in doubt, don’t call or click the links you see on your screen. Follow the guidelines for scareware and/or phishing scams. Also, don’t hesitate to reboot your computer (a hard restart) if necessary to get rid of any popup messages.
  4. If you did call or click, run antivirus software immediately. Make sure that software is up to date or malware might slip through. If you’re not sure, you might want to do what Molly did—call the experts. TDS offers their Remote PC Support as a subscription service, or on a one-time basis. They can help you diagnose and resolve any problems.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

 

 

About TDS Security Team

The latest news and advice from the TDS Security Team.

, , , , ,

Trackbacks/Pingbacks

  1. Clever Gmail login scam is still tricking people | TDS Home - March 22, 2017

    […] told you about phishing scams before, and even scams that take advantage of your misspellings or fat-finger moments—but this one? It may just take the cake in terms of […]

Leave a Comment