

Ask Jack: What Do You Know About The Re-Emergence Of Typosquatting?

By Jack McCalmon, The McCalmon Group, Inc.

I recently received an email asking me to visit a vendor's site, but it had a hyphen in the URL. I don't remember a hyphen. I deleted the email. Did I do the right thing?


You did the right thing - when in doubt, never select an embedded link from an email or text.

It is hard to know, but the email you received may have been a social engineering scam called "typosquatting". In a typical typosquatting scam, criminals mimic the design of a popular website and register a URL nearly identical to that of the site mimicked.

The difference between the real URL and the imposter is often very subtle, like an added letter, often an "s"; an added word like "the"; added punctuation like an apostrophe; or an added symbol like a hyphen. These changes often escape spell checkers and browser security. They can entrap those who make a typo when entering a URL or who simply believe the imposter URL is correct.

Typosquatting has been around for a while, but it is making a comeback. According to one investigation, "200 fake domains impersonating 27 popular brands to trick users into downloading Android and Windows malware" were recently discovered. (Source: https://www.tomsguide.com/news/these-misspelled-websites-are-spreading-nasty-malware-how-to-stay-safe)

To prevent being ensnared by typosquatting, you should avoid links in emails and texts. Instead, go to a trusted search engine and search independently of an email or text. Additionally, make sure you are typing in the correct URL when you are visiting a site. If the site is flagged as unsafe or looks off, even by a little bit, then do not enter any information.

The final takeaway is that typosquatting is a simple but effective method of deception, especially when embedded in an email from a source believed to be trustworthy.
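
For readers who screen links for a team, here is one way to automate the comparison described above. It is an added example, not part of the original column: it checks a link's domain against an allowlist and flags the hyphen, added "s", added "the" and one-character variations. The domain `examplevendor.com`, the sample links and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the vendor domains you actually do business with.
TRUSTED = {"examplevendor.com"}

def within_one_edit(a, b):
    """True if a and b differ by at most one inserted, deleted or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: in both strings (substitution) or only the longer one.
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for the host named in url."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Assumption: the registrable domain is the last two labels (no public suffix list).
    domain = ".".join(host.split(".")[-2:])
    if domain in trusted:
        return ("trusted", "exact match")
    name, _, tld = domain.partition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.partition(".")
        if tld == good_tld:
            if name.replace("-", "").replace("'", "") == good_name:
                return ("lookalike", f"added hyphen or punctuation vs {good}")
            if name == good_name + "s":
                return ("lookalike", f"added letter 's' vs {good}")
            if name == "the" + good_name:
                return ("lookalike", f"added word 'the' vs {good}")
        if within_one_edit(domain, good):
            return ("lookalike", f"one character away from {good}")
    return ("unknown", "not on the allowlist")

if __name__ == "__main__":
    for link in ("https://www.examplevendor.com/login",   # constructed samples
                 "https://example-vendor.com/invoice",
                 "https://examplevendors.com/",
                 "https://theexamplevendor.com/"):
        print(link, "->", check_link(link))
```

A verdict of "unknown" only means the domain is not on the allowlist; it does not mean the link is safe.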

