Typosquatting
Form of cybersquatting which relies on mistakes when inputting a website address / From Wikipedia, the free encyclopedia
Dear Wikiwand AI, let's keep it short by simply answering these key questions:
Can you list the top facts and stats about URL hijacking?
Summarize this article for a 10 year old
Typosquatting, also called URL hijacking, a sting site, a cousin domain, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. A user accidentally entering an incorrect website address may be led to any URL, including an alternative website owned by a cybersquatter.
The typosquatter's URL will usually be one of five kinds, all similar to the victim site address:
- A common misspelling, or foreign language spelling, of the intended site
- A misspelling based on a typographical error
- A plural of a singular domain name
- A different top-level domain: (e.g. .com instead of .org)
- An abuse of the Country Code Top-Level Domain (ccTLD) (.cm, .co, or .om instead of .com)
Similar abuses:
- Combosquatting - no misspelling, but appending an arbitrary word that appears legitimate, but that anyone could register.
- Doppelganger domain - omitting a period or inserting an extra period
- Appending terms such as sucks or -suckes to a domain name
Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts, or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.
The Magniber ransomware is being distributed in a typosquatting method that exploits typos made when entering domains, targeting mainly Chrome and Edge users.[1]