Can you spot the difference between the two domains below?
It may be hard to notice at first glance, but the first domain contains two uppercase “i’s” in place of lowercase “l’s”. What you witnessed is a perfect example of typosquatting, or the use of strategic typos to create fake domains that look like trusted domains. With the type of formatting used in this blog post, it’s hard to tell the difference between an uppercase “i” and a lowercase “l”. While this makes for entertainment in this blog, hackers can — and do — use typosquatting tactics against unsuspecting businesses and their customers.
For example, if your legitimate email was firstname.lastname@example.org, a typosquatted variant hackers may attempt to set up is email@example.com. It seems obvious that the second email has a third “s” at the end. However, when it’s Friday afternoon and you’re ready to get out of the office after sorting through hundreds of emails that week, what is the likelihood that you check the address each email came from?
Registering typosquatted domains is a common trick hackers use in order to set up fake email accounts or fake websites that impersonate your business.
How do we know this? Because we’ve witnessed it! Soteria has been a part of dozens of forensic investigations into network breaches that originated from a simple domain typo. Many of these investigations were brought on by the unfortunate occurrence of fraud. We’ve seen simple typosquatting result in tens of millions of dollars being stolen from a single firm. No one is immune either: both large and small businesses have been victims.
Security Tip: To stay ahead of typosquatting, take our advice:
- Train your employees: Ensuring your employees are aware of typosquatting will go a long way toward lowering the risk of employees falling for typosquatting scams. Making your employees comfortable with reporting suspicious emails is a key responsibility of any business's management team.
- Use a domain monitoring tool: To help your company stay aware of registered domains that are similar to yours, sign up for a domain name monitoring service. These services can identify domains that are typosquatted versions of your legitimate domain. Soteria’s own DNSense™ domain monitoring tool provides this service and is provided to businesses through our SecureStart™ program.
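The lookalike check that a monitoring service or mail filter performs can be shown in a few lines. The example below is added here and is not Soteria's DNSense code; the trusted domains and the sample sender addresses are constructed for illustration. It folds visually confusable characters (the uppercase "I" for lowercase "l" trick from the post, plus a few common pairs such as "rn" for "m" and "0" for "o") and then measures edit distance against each trusted domain, so that both the substituted-letter and the extra-letter variants described above get flagged before anyone has to squint at the address on a Friday afternoon.

```python
"""Flag e-mail sender domains that are lookalikes of domains you trust.

Added example (not DNSense). TRUSTED and SAMPLE_SENDERS are constructed.
"""
from __future__ import annotations

# Character sequences that render nearly identically in many fonts.
# Uppercase "I" is handled first because it must be folded before lowercasing.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s"))


def fold(domain: str) -> str:
    """Collapse confusable characters so visually identical names compare equal."""
    s = domain.strip().replace("I", "l").lower()
    for seq, replacement in CONFUSABLES:
        s = s.replace(seq, replacement)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character insert/delete/substitute edits."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted: set[str],
                    max_distance: int = 1) -> tuple[str, str | None]:
    """Return ("trusted" | "lookalike" | "unrelated", matched trusted domain or None).

    max_distance=1 catches one extra, missing or swapped character. Raise it only
    for long domains; on short ones it produces false positives.
    """
    domain = address.rsplit("@", 1)[-1].strip()
    lowered = domain.lower()
    for t in sorted(trusted):
        # DNS is case-insensitive, so exact match and our own subdomains are fine.
        if lowered == t or lowered.endswith("." + t):
            return ("trusted", t)
    folded = fold(domain)
    for t in sorted(trusted):
        if edit_distance(folded, fold(t)) <= max_distance:
            return ("lookalike", t)
    return ("unrelated", None)


def triage(addresses: list[str], trusted: set[str]) -> list[tuple[str, str, str | None]]:
    """Classify a batch of sender addresses; lookalikes are the ones to report."""
    return [(addr, *classify_sender(addr, trusted)) for addr in addresses]


# Constructed sample data: one trusted domain and a handful of inbound senders.
TRUSTED = {"example.com"}
SAMPLE_SENDERS = [
    "alice@example.com",       # genuine
    "hr@mail.example.com",     # genuine subdomain
    "billing@exampIe.com",     # uppercase I in place of lowercase l
    "invoice@examples.com",    # one extra letter
    "news@exarnple.com",       # "rn" standing in for "m"
    "bob@unrelated.org",       # nothing to do with us
]

if __name__ == "__main__":
    for addr, verdict, match in triage(SAMPLE_SENDERS, TRUSTED):
        print(f"{verdict:10} {addr:28} {match or ''}")
```

A real deployment would feed this the sender domains from mail logs or a daily list of newly registered domains, and would extend the confusable table; the logic stays the same.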