Future Tense

Be Careful. Mistyping a Website URL Could Expose You to Malware.

Stay vigilant.

Hackers have already developed myriad phishing and spear phishing attacks to steal personal data or gain control of computers. But here comes another one: The latest trend in cyberattacks is called typosquatting, and it’s a clever con.

Cybersecurity firm Endgame noticed recently that someone was attempting to distribute malware through the URL Netflix.om. The .om domain is the country-code top-level domain for Oman, but hackers were using it to direct sloppy typists away from Netflix.com. This type of attack, known as typosquatting, isn’t new, but Endgame says it’s the first time the firm has seen the (admittedly pretty smart) .om variation.

In 2013, Robert Siciliano of the cybersecurity company McAfee warned that “[s]ometimes these sites exist to sell products and services that are in direct competition with those sold at the website you had intended to visit, but most often they are intended to steal your personal identifiable information, including credit cards or passwords.” Typosquatted sites can also carry phishing attacks that lead you to other malicious sites. For example, in some of the .om attacks, the page redirects a few times before landing on a fake “Flash Updater” site that tries to trick you into clicking.

The .om typosquatting malware seems to be Genieo, a common piece of adware that targets Mac users. But if the approach is successful—and Endgame says the malicious sites are already “receiving a non-trivial amount of traffic”—it could spread beyond OS X to target other operating systems.

Most companies already make efforts to thwart typosquatting. As Endgame explained in a blog post on Friday, “Companies identify domains, register, and control likely domains their customers may accidentally enter. … We recommend that companies prioritize adding .om registration to protect their reputation, and block known-malicious .om domains to protect their enterprise.”

An assessment of typosquatting published last week on arXiv by State University of New York at Buffalo researchers notes that even though the idea for the attack has been around for years, typosquatting still “provides a great avenue to cybercriminals to conduct their crimes.” The researchers offered technical suggestions for reducing the effectiveness of typosquatting, while noting that “[t]he current state-of-the-art highlights the problem, detection techniques, and policy-based approaches, [but] less work is done on the technical front towards defending against this threat.” Hopefully cybersecurity defenses against typosquatting will evolve, but in the meantime we should still watch what we type and where we click.