Typos can get you hacked in latest cybersecurity threat

Even a simple and common error like mistyping a domain name can lead to cybersecurity attacks, the latest in the ongoing barrage of malware. Known as URL hijacking or “typosquatting,” this social engineering technique is built upon the knowledge that it’s easy to hit the incorrect key and end up visiting the wrong website.

With very little effort, a hacker can copy images, fonts, and text to construct a malware website that looks like PayPal, Google Wallet, Microsoft Visual Studio, MetaMask, and other popular websites. These fake websites are also used in phishing campaigns of all sorts since the similarity of the domain name is useful for a whole variety of confidence stings.

URL hijacking and phishing campaigns aren’t new, but there has been a recent increase in them. Bleeping Computer, with a little help from the security firm Cyble, discovered over 200 domains that impersonated popular websites for Android and Windows apps, cryptocurrency and stock trading, as well as subscription services apps.

The goal of fake websites for apps would be stealing credentials and infecting your computer or phone with viruses. Any website that involves subscriptions or payments would have the more direct approach of taking your money or cryptocurrency.

A common technique with URL hijacking is to add or change one letter. Bleeping Computer gave an example of a trustworthy website for the popular Windows text editor, notepad-plus-plus.org. A malware website exists that simply adds the letter S to the end of “notepad” to create the deceptive domain name.

Major browsers include a degree of protection, identifying some fake websites while missing others. To protect yourself, have a close look at the domain name shown in the website address box or do an internet search for the website, app, or service you want to visit. You can’t trust that you’re at an authentic website based on appearance alone.

Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…