Skip to main content

Typos can get you hacked in latest cybersecurity threat

Even a simple and common error like mistyping a domain name can lead to cybersecurity attacks, the latest in the ongoing barrage of malware. Known as URL hijacking or “typosquatting,” this social engineering technique is built upon the knowledge that it’s easy to hit the incorrect key and end up visiting the wrong website.

With very little effort, a hacker can copy images, fonts, and text to construct a malware website that looks like PayPal, Google Wallet, Microsoft Visual Studio, MetaMask, and other popular websites. These fake websites are also used in phishing campaigns of all sorts since the similarity of the domain name is useful for a whole variety of confidence stings.

URL hijacking and phishing campaigns aren’t new, but there has been a recent increase in them. Bleeping Computer, with a little help from the security firm Cyble, discovered over 200 domains that impersonated popular websites for Android and Windows apps, cryptocurrency and stock trading, as well as subscription services apps.

The goal of fake websites for apps would be stealing credentials and infecting your computer or phone with viruses. Any website that involves subscriptions or payments would have the more direct approach of taking your money or cryptocurrency.

A common technique with URL hijacking is to add or change one letter. Bleeping Computer gave an example of a trustworthy website for the popular Windows text editor, A malware website exists that simply adds the letter S to the end of “notepad” to create the deceptive domain name.

Here's an example of a fake website that looks real, Notepad-Plus-Plus.
Image used with permission by copyright holder

Major browsers include a degree of protection, identifying some fake websites while missing others. To protect yourself, have a close look at the domain name shown in the website address box or do an internet search for the website, app, or service you want to visit. You can’t trust that you’re at an authentic website based on appearance alone.

Alan Truly
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…
Nvidia just hinted at AI that can play games for you
A screenshot from Nvidia's G-Assist April Fool's video.

"The future is never far away." That's the comment Nvidia made yesterday on social media about an old April Fool's joke about AI in games.

Here's the context: In 2017, Nvidia made a silly April Fool's joke video about something called GTX G-Assist, a dongle that could add some outlandish AI features to gaming. Then again, what was outlandish in 2017 feels possible seven years later.

Read more
The 5 best things you can do with Copilot Pro right now
Microsoft Copilot Pro.

Copilot Pro is Microsoft’s AI subscription service that costs $20 per month for individuals and is integrated into the brand’s Microsoft 365 suite. The paid service offers unique features to Microsoft users, provides faster and more consistent AI performance with priority access to the GPT-4 and GPT-4 Turbo large language models (LLM) during peak times, and also brings the AI technology to the brand’s most popular PC applications -- and that's where things get really interesting.

Here are some of the best features on Copilot Pro and how they work.
Create custom GPTs

Read more
I tested two of the best antivirus services. Here’s which one you should get
Bitdefender and Malwarebytes websites are open side-by-side on a computer monitor.

If you need to upgrade your cybersecurity, Bitdefender and Malwarebytes both offer some of the best antivirus plans for your Windows computers.

As hackers develop increasingly sneaky tricks to hide malware, choosing between these two antivirus companies is important. Although both services have their pros and cons, ultimately, Bitdefender offers more options to fine-tune your subscription than Malwarebytes and has a better track record of malware protection in third-party testing.
Tiers and pricing

Read more