When you are texting, surfing the Internet, or writing an e-mail, how many typos do you think you make?
With technology like auto correct and spell check, many of us don’t worry too much if we make a mistake while typing, because the computer or phone will catch it before we send!
But what happens if you type a website URL in to your browser incorrectly? For example, say you want to go to Google.com and type Googl.com instead. Some websites will redirect to the correct URL, but other times, you may find yourself on a fraudulent website. Identity thieves are banking on our poor typing skills and engage in a type of online fraud called “typosquatting,” which allows them to potentially get hold of our personal information.
Financial institutions are among the top business websites that hackers target for typosquatting. How do they do it? They purchase URLs that are similar to the URLs of popular financial institutions. If they are trying to trick Wells Fargo customers, whose real URL is www.wellsfargo.com, they might buy welsfargo.com wellfargo.com or wellsfargos.com. Then, the thieves put up websites that look exactly like the Wells Fargo website. They simply wait for you to type in the wrong URL, go to their fraudulent website, and enter your login information. After that, they have enough information to be able to access your real Wells Fargo account and steal as much information as they want to.
Researchers from the Belgian University of Leuven and U.S.-based Stony Brook University looked a bit deeper at typosquatting and published their findings in a report called Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse. They found that among the 500 most popular sites on the Internet, 95% are targeted by typosquatters. That means that whether we like to admit it or not, many of us have likely been victims of typosquatting at one point or another. Some companies practice defensive registration, meaning they purchase the misspelled versions of their URLs before anyone else can — but the researchers found that most companies do not engage in defensive registration.
So, how can you protect yourself? How can you spot a fraudulent website?
When you first land on a website — before entering in any personal information or clicking on any links — stop and think “Is this website legit?” Taking a few moments to scan the site can play a big role in helping to prevent identity theft.
Check The Address
The primary clues can be found at the top of the page in the URL address bar. Look very closely at the URL — is it definitely the one you meant to type in? If you think it looks a little weird, or you’re not sure, go to a search engine like Google first and search the company name. The real company website should be one of the top, if not the top, results on the search results page. Click through to the website via Google.
If you are visiting a financial website, or any type of website that handles sensitive information, look up at the URL address bar again. In the left corner, there should be a lock symbol and it should tell you the company that the URL is registered to. This shows you that the site is secure, and provides you with added peace of mind knowing the real company registered the URL.
Finally, just look at the website. Does some of the wording seem off? Are there typos? Do any of the images appear to be low-resolution? Some hackers that engage in typosquatting put up websites that are less than perfect in an attempt to get something up quickly. If the website doesn’t look right, don’t risk entering your personal information.
Typosquatting is just one of the ways identity thieves are trying to steal your information, but by keeping your eyes open for red flags, you are taking a big step in protecting yourself.