Typosquatters waiting to pounce on your errant keystrokes

We all make typos, but if you are unlucky enough to make one while entering a web address into your browser, you could fall victim to the typosquatting scam.

We all make typos, but if you are unlucky enough to make one while entering a web address into your browser, you could fall victim to the typosquatting scam.

The typosquatting scam can trick web surfers into downloading harmful computer viruses and giving up personal information, and it can even trick vulnerable children into viewing adult content. Researchers have found that more than 12 million web users have fallen victim to the typosquatting scam in the first 3 months of 2018 alone.

Perpetrators of the typosquatting scam set up web addresses that closely resemble legitimate addresses but contain a common typo such as ending a web address with .cm instead of .com. If a user is unlucky enough to mistakenly type in the wrong address, they may be taken to a booby-trapped website filled with viruses and malware, or to a website that looks just like the legitimate website but is designed to gather their personal data for scammers. Alternatively, these fake website addresses can be set up to sell knock-off imitation products to consumers who believe they are shopping at the real retailer.

Making typos is so easy to do, but there are steps you can take to mitigate your risk. To steer clear of the typosquatting scam:

  1. Always double-check the address before hitting enter (or return) to make sure you did not make a mistake. Taking the time to do so can save you the heartache of having your identity stolen or prevent you from purchasing counterfeit products at inflated prices.
  2. Bookmark your favorite websites. Once you are positive that the address you entered is correct, bookmark it. Doing this will save you the time of proofreading each web address and is particularly worthwhile for websites that have access to your financial information.
  3. Use a search engine. If you are not sure what the address is for a certain site, consider using a search engine like Google, Bing, or DuckDuckGo. When you are searching for the proper website, be sure not to include .com in your search. Search Engines like Google have algorithms that will most likely point you in the right direction.
  4. Be wary of links found in social media posts, which can often lead to typosquatters. Before clicking on a link or search result, look for red flags in the web address like:
    • A .com ending for a government website
    • Extra text following a .com like, www.example.com-(text)
    • A misspelling of the company’s name
    • Typos in the domain (.com, .gov, .org, etc.) -- such as the web address ending with .cm instead of .com

Spotting fake websites is not always easy. If you realize you have entered one of your passwords on a typosquatter’s site, change your password immediately. Once you secure your accounts, file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of more than 200 law enforcement and consumer protection agency partners who can and do put fraudsters behind bars.