Better Business Bureau Serving Acadiana is alerting residents to beware of Typosquatting, a scam that occurs when swindlers buy the misspellings of web addresses to get online traffic from typing errors. It is also sometimes called URL hijacking.
When users mistype or “fat finger” the wrong address, they may be taken to a fraudulent website that looks similar to the one they intended to visit. The website owners can use this deception to steal identity information, sell products or misinform.
These sites even occasionally install malware on unsuspecting users’ computers.
Scammers can also send email from the misspelled domain name to try and trick the recipient into thinking it came from someone inside the company being mimicked.
Recipients might think they’re dealing with a trusted source when they’re really interacting with someone whose whole intent is to deceive.
Cybercriminals try to stick as close as possible to the original domain name with only slight variations so users will overlook the mistake. URL hijackers often register domain names with the most common typos or misspellings.
One trick is to add an “s” to the domain name. For example, when yourtownplumber.com becomes yourtownplumbers.com, the user might not even notice the difference.
BBB offers the following tips to avoid typosquatting scams:
Take your time. Typosquatting takes advantage of people who get in a hurry and don’t pay attention.
After typing in a web address and before hitting “Enter,” double-check the spelling. Once the online destination shows upon the screen, look for the padlock symbol and the website address includes https://.
Business owners are advised to register common alternate spellings of their domains, including variations with plurals and hyphens. If you own all the similar domains, cybercriminals can’t use them against you. It is also recommended to monitor website traffic. A sudden drop off might indicate visitors are being diverted to a fake site through typosquatting.
Report suspicious websites to the Internet Crime Complaint Center at IC3.gov. The Anticybersquatting Consumer Protection Act (ACPA) was enacted in 1999 to make it illegal to register Internet domains that are similar to an existing business or personal name with the intent to misuse them.
If you find someone has registered a variation that could be used to impersonate you, notify partners, customers, employees and anyone else who might be deceived so they can be on the lookout. Consider submitting a petition to the World Intellectual Property Organization to gain ownership of a domain that is “identical or confusingly similar” to yours if you can show the domain registrar is acting in bad faith.