The latest ploy cybercrooks are using to spread ransomware and other types of computer malware
- to provide them with remote access to PCs and Macs
- or to steal log-in credentials:
- After buying domain names with a missing or misplaced letter in website addresses
- belonging to well-known companies,
- they simply wait for you to make a typo.
The biggest threat results in the most common typos
- either a misplaced or missing “c”
- such as typing amazonc.om or amazon.om, so a web address ends with “.om” instead of “.com”
- reports online security firm Endgame
Those 2 Amazon domain names are among more than 300 .om-ending domain names
- that hackers have purchased for this new malware-spreading scheme,
- according to Endgame.
- Here’s the complete list (http://pastebin.com/q2WCuw6K),
- which also spoofs:
--- Facebook, LinkedIn, AOL,
--- banks, including Bank of America and Wells Fargo,
--- pharmacies CVS and Walgreens,
--- retailers such as Walmart and JC Penney,
--- and even online porn sites.
True, scammers have long used website addresses with a missing, extra or misplaced letter
- to spoof those belonging to well-known brands for typo trickery.
- But the usual MO has been to lead consumers to copycat websites that:
--- sell counterfeit goods,
--- aim to steal credit card info that people provide for supposed purchases, or
--- promise a prize to those, who complete a survey that actually mines for sensitive personal information.
Endgame discovered this new malware-spreading angle — called typosquatting
- when one of its researchers mistyped Netflix.om instead of the correct Netflix.com, and
- was redirected through a series of dubious pop-up ads and, eventually,
- to a malware-infested site that prompted him to download a file
- that appeared to be an Adobe Flash Player update
- That familiar fake “Flash Update” usually serves up risky (and possibly malware-laden) pop-ups
- and other annoyances on computers,
- so don’t download or install it.
Endgame says that most of the .om-ending sites it discovered operate the same way:
- They don’t directly install malware but, instead,
- lead to other infected pages.
- So that’s good news, at least.
Other typo-squatting tricks include:
- doubling characters (“googgle.com”),
- missing letters (“gogle.com”),
- adjacent keys (“googlw.com”) and
- letter swapping (“googel.com”).
So carefully read what you type, before hitting Enter to access a website:
- especially, if you’re a fast or fat-fingered typist.
- That’s also a good practice to follow, before clicking on links
- that appear in search engine results or online advertisements;
- they, too, may have typos that spell trouble.
For information about other scams:
- sign up for the Fraud Watch Network
- You’ll receive free email alerts with tips and resources
- to help you spot and avoid identity theft and fraud, and
- gain access to a network of experts, law enforcement and people in your community
- who will keep you up to date on the latest scams in your area