What happens when you mistype a website URL

We’ve all done it at one point or another – mistyped a web address.  Maybe you were trying to go to msn.com but accidentally typed another letter instead of “n” and hit the “Enter” key on your keyboard and received a 404 Error.  While this may seem like a simple mistake that you can easily correct by hitting the back button and retyping the web address, malicious attackers know that we are imperfect when typing and they also know that we’re entering another election year in 2020.

Typosquatting is a shady attack vector where fake URL’s are registered for commonly misspelled websites – essentially hijacking URL’s.  My company’s domain is Rubica.com, a typosquat could be rubika.com.  That typosquat could then be used for a variety of malicious things like phishing, delivering malware, brand impersonation, or even reputational damage.

Typosquatting isn’t new. However, a recent study by cybersecurity firm Digital Shadows shows that malicious attackers are targeting presidential candidate websites and either redirecting to malicious sites or attempting to damage candidates’ brands or reputations.

Candidates-brands-damaged-by-typosquatting

Examples of non-malicious brand-damaging typosquats 
(Source: Digital Shadows)

This type of cyberattack can promote the spread of misinformation and even infect your devices.

Here are a few tips to protect yourself from being redirected to a malicious site because of typosquating:

  • Double check the website address before hitting “Enter” or “Go” on your computer or phone/tablet
  • Check the website certificate to ensure it is for the actual site you intended to go to

If you have more questions about typosquatting or any other cybersecurity questions, our team of cyber experts are available to help.  Stay safe out there!