Misspelled Domain Names Used For Malware Spreading
If you are one among the common user who thinks that misspelled words are just a hindrance and doesn’t pose any actual threat, you are wrong. For more than two decades, cyber criminals and hackers have continuously been exploiting this simple yet readily usable issue. When consumers and visitors type in a wrong name, it will automatically redirect to the hacked page. Even though, companies do their best trying to buy all relevant domain names, they are yet to put an end to this misery which continues to haunt people of all sorts.
Websites do use SSL encryption to protect their data and also help consumers secure their credit cards as well as confidential information the right way. But, this domain name spelling is something out of the bounds that has been constantly threatening internet security to huge levels. In a recent study, a company found out that all security firm names are being misspell purposefully so as to redirect visitors to new pages. Some popular examples are comodoo, mcaffee and kasperski. All of them are .com domains that are under the control of a group of unidentified hackers.
The Majority of these redirected websites are fake with malware injected into them. Some of them are direct phishing websites while there are other bogus product or advertisement pages as well. They will provide spicy offers that buyers can hardly resist and when they try to buy it, a similar looking shopping website will be shown as well to acquire credit card information.
Some companies have a dedicated team which spends their team buying up all possible domains because of which type based malware has been brought under control, but its still only to a certain extent beyond which users are in peril. Termed as Typosquatting, this internet security issue is huge because the time taken to identify such an error took an average 1181 days, which is more than four years. Before this time, most users would have been duped and some malware sites even use fake SSL so as to make them look legitimate.
Among those that were being targeted often include Enom, Tucows, Go daddy, and Fabulous. The USA has the most number of fake domains registered, while UK has the least. When such companies that are security experts being targeted, it’s not surprising to see simple organizations and corporates falling prey to hacking. The usage of EV SSL is considered more secure in such cases to show one is actually the original one and strict measures to stop bogus sites should be implemented.