How a Simple Typo in a URL Can Make You a Target for Malware

Clicking on links in search results carries the risk of landing on a fake page that’s actually a phishing scam, but the same risk applies to typing a URL directly into your browser. As Krebs on Security reports, researchers at security firm Infoblox have uncovered numerous scams using lookalike and parked (or stub) domains. If you land on one of these sites, you’ll be redirected not to the expected trusted page, but to fraudulent content, including malware and other malicious programs.

Clone domains contain malicious content.

This scam relies on you navigating directly to a website by typing the URL into your browser’s address bar. If you accidentally misspell a top-level domain (TLD), such as .gov or .com, or a second-level domain (SLD), you could end up on a page hijacked by attackers for malicious purposes.

In some cases, these may be typosquats, meaning cybercriminals have registered domain names that look almost identical to trusted ones. In other cases, these may be real domains that have expired and are simply being used as advertising placeholders to distribute malware.

Infoblox researchers found that visiting one of these sites often triggers a chain of redirects through which attackers collect data such as your IP location, device fingerprint, and cookies. This means you don’t necessarily need to click the links on a parked page to see malicious content. However, they note that the parked websites were only malicious when visited from a residential IP address and were safe when accessed through a VPN or from a non-residential IP address.


How to Avoid Parked Domain Scams

One common tip for avoiding phishing sites is to type trusted URLs directly into the address bar rather than searching for them, as scammers will try to use search results, including by placing paid ads, to redirect you to malicious domains. This can still be a safe way to reach the desired site, but you should carefully check the spelling of both top-level domains (TLDs) and second-level domains (SLDs), as even small errors can lead you to a fraudulent site.

I’ve already discussed similar website tricks, such as homograph attacks, where similar characters in URLs redirect you to phishing sites that at first glance appear to be legitimate domains. Unless you check the address very carefully, you might not recognize the scam.
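
The spelling check described above can be automated. The following is an added example, not code from the original article or from Infoblox: it compares a typed hostname against a short allowlist, reports whether the SLD or the TLD is a near-miss, and flags non-ASCII or punycode labels as possible homographs. The `TRUSTED` list, the function names, and the two-edit threshold are assumptions for illustration.

```python
# Added example: flag typed hostnames that are near-misses of trusted domains.
TRUSTED = ["example.com", "example.gov"]  # constructed allowlist (assumption)

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Swapped neighbours ("exmaple") are the classic keyboard slip.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def split_domain(host: str):
    """Return (SLD, TLD) from the last two labels; multi-label suffixes
    such as co.uk are not handled in this simplified version."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("need at least an SLD and a TLD")
    return labels[-2], labels[-1]

def check_host(host: str, trusted=TRUSTED, max_edits: int = 2):
    """Return (verdict, detail); verdict is trusted, lookalike, homograph? or unknown."""
    sld, tld = split_domain(host)
    if not host.isascii() or sld.startswith("xn--"):
        return "homograph?", "non-ASCII or punycode label; compare by code point"
    best = None
    for t in trusted:
        t_sld, t_tld = split_domain(t)
        if (sld, tld) == (t_sld, t_tld):
            return "trusted", t
        s_d, t_d = osa_distance(sld, t_sld), osa_distance(tld, t_tld)
        if s_d + t_d <= max_edits and (best is None or s_d + t_d < best[0]):
            part = "SLD" if s_d and not t_d else "TLD" if t_d and not s_d else "SLD and TLD"
            best = (s_d + t_d, f"{part} differs from {t}")
    return ("lookalike", best[1]) if best else ("unknown", "no trusted domain is close")

if __name__ == "__main__":
    # Constructed sample inputs.
    for h in ["example.com", "exmaple.com", "example.cm", "unrelated.org"]:
        print(h, check_host(h))
```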
