Typosquatting Attacks Alive and Well–Unfortunately

By on Jan 13, 2016

Typosquatting doesn’t get the attention that it used to, but it remains an effective means for attackers to capitalize on unsuspecting users. Of course, the most effective instances are those that target high-traffic sites. I stumbled upon criagslist.com, a transposition of craigslist.com (aka craigslist.org), only to be redirected to a host of sites pushing various things. The primary server also hosted other domains, including youutbe.com and youtupe.com, knock-offs of YouTube.com.

Miskeying one of these popular sites results in a cascade of redirects through various advertising channels and affiliates. At present, these primarily land the user on different survey pages, promising “exclusive rewards” of $50 or more, or a chance to win a $100 gift card. Previous campaigns were more blatant in deception, delivering fake malware detections, media player upgrades, security vulnerability warnings, and “Blue Screen” errors. One page even delivered an audio warning courtesy of an embedded MP3 file set to autoplay on page load.

 

Fake alerts:

Fake Media Player Upgrade

Fake Malware Detection

Fake "BSOD" Error Message

In general, these attacks frequently use contextual information, with alerts including your location, Internet service provider’s name, browser, OS, etc.

It’s common for less savvy users not to understand that such alerts are nothing more than deceptive web pages. When assisting others, facing such errors, it’s a good practice to have them minimize or close the browser to see if these simply disappear.

About the Author

McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. Take a look at our latest blogs.

Read more posts from McAfee

Subscribe to McAfee Securing Tomorrow Blogs