BlackBerry Blog

Attackers are Exploiting Your Typos

Brian Krebs today reported on a not-exactly-new-but-still-effective tactic that attackers use to lock up a victim’s computer with a “bombardment of security alerts.” The technique, known as ‘typosquatting’, counts on you trying to reach a popular website, say iTunes, and accidentally typing “itunes-dot-cm” instead of “itunes-dot-com”.

As usual, the most effective cybersecurity attacks are often the boring ones that don’t make compelling material for “Mr. Robot” fans. Check out the article for Krebs’ breakdown of just how often people were affected by these types of attacks. (Spoiler alert: 12 million people fell victim to these attacks in 2018 alone.)

Krebs and his security research partner on this piece, Matthew Chambers, recommend that users bookmark their favorite, most-visited sites rather than typing the URL directly into the browser’s address bar, so that a minor, silly mistake doesn’t turn their computer into a dumpster fire.

In addition to using bookmarks, here are a few more tips to avoid typosquatting attacks:

  • Bookmark commonly used sites and visit them directly from your bookmark bar.
  • Use the URL autocomplete built into many browsers. If you’ve already visited the correct URL, the browser will keep it in its history.
  • Use a search tool to reach the page you want: Google “iTunes” rather than typing in “itunes.com” (or .cm or itones.cm, etc.). A note about using a search engine to get to your destination: be aware of any ads or misleading malvertising placed high in the search results.
  • Carefully review any URLs that must be typed by hand.
  • Use a password manager to automatically fill in your login credentials. A good password manager will not enter your credentials on a fake website.

And, per usual:

  • Be suspicious of unusual or unexpected links in emails, texts, chat messages, or on social networking sites.
  • Watch for unexpected tricks in URLs, such as two ‘n’s meant to look like one ‘m’ (nn vs. m).
  • Never open unexpected email attachments.
  • Use antivirus software to monitor and protect your computer against malware.
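
For defenders who want to automate the "carefully review URLs" advice, the sketch below is an added example (not from Krebs, Chambers, or Cylance) that checks hostnames seen in DNS or proxy logs against a list of sites you care about, covering the three slips mentioned above: a dropped TLD letter (.cm for .com), a near-miss spelling (itones.cm), and look-alike characters (nn for m). The `PROTECTED` and `OBSERVED` lists and every look-alike pair other than nn/m are constructed assumptions, and the check compares whole hostnames only, without subdomain handling.

```python
# Added example: flag hostnames that look like typos of sites you care about.
# PROTECTED and OBSERVED are constructed sample data, not from the article.
PROTECTED = ["itunes.com", "amazon.com", "example.com"]
OBSERVED = ["www.itunes.com", "itunes.cm", "itones.cm", "annazon.com",
            "itnues.com", "wikipedia.org"]
# Visual swaps: "nn" for "m" is the article's example; the rest are assumed.
LOOKALIKES = [("nn", "m"), ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def skeleton(name):
    """Collapse look-alike character sequences to one canonical form."""
    for seq, repl in LOOKALIKES:
        name = name.replace(seq, repl)
    return name


def classify(host, protected=PROTECTED):
    """Return (reason, imitated_domain), or None if the host looks unrelated."""
    host = host.lower().rstrip(".")
    host = host[4:] if host.startswith("www.") else host
    if host in protected:
        return None
    for target in protected:
        label, _, tld = target.rpartition(".")
        hlabel, _, htld = host.rpartition(".")
        if hlabel == label and edit_distance(htld, tld) == 1:
            return ("tld-typo", target)
        if skeleton(host) == skeleton(target):
            return ("lookalike-chars", target)
        if edit_distance(host, target) <= 2:
            return ("near-miss", target)
    return None


if __name__ == "__main__":
    for h in OBSERVED:
        print(h, "->", classify(h))
```

A distance threshold of 2 will also match some legitimate short names, so treat hits as candidates for review rather than as verdicts.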

Cylance Research Team

About Cylance Research Team

The Cylance Research team explores the boundaries of the information security field identifying emerging threats and remaining at the forefront of attacks. With insights gained from these endeavors, Cylance stays ahead of the threats.