Attackers are Exploiting Your Typos

Brian Krebs today reported on a not-exactly-new-but-still-effective tactic attackers are using to lock up a victim’s computer with a “bombardment of security alerts.” This technique – referred to as ‘typosquatting’ – counts on you trying to access a popular website, say iTunes, and accidentally typing in “itunes-dot-cm” instead of “itunes-dot-com”.

As usual, the most effective cybersecurity attacks are often the boring ones that don’t make for compelling material for “Mr. Robot” fans. Check out the article to see Krebs’ breakdown of just how often people were affected by these types of attacks. (Spoiler alert: 12 million people fell victim to these attacks in 2018 alone.)

Krebs and his security research partner on this piece, Matthew Chambers, recommend that users bookmark their favorite, most visited sites rather than typing the URL directly into the Web browser address bar, to protect themselves from making a minor, silly mistake that turns their computer into a dumpster fire.

In addition to using bookmarks, here are a few more tips to avoid typosquatting attacks:

  • Bookmark commonly used sites and visit them directly from your bookmark bar.
  • Use the URL autocomplete built into many browsers. If you’ve already visited the correct URL, the browser will keep it in its history.
  • Use a search tool to reach the page you want: Google “iTunes” vs. typing in “itunes.com” (or .cm or itones.cm, etc.). A note about using a search engine to get to your destination: be aware of any misleading ads or malvertising that appear high up in the search results.
  • Carefully review any URLs that must be typed by hand.
  • Use a password manager to automatically fill in your login credentials. A good password manager will not enter your credentials on a (Read more...)
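
The "carefully review typed URLs" tip can also be automated. The sketch below is an added example, not part of the original post: it compares a typed hostname against a bookmark-style allowlist and flags near misses such as itunes.cm or itones.cm. The allowlist contents, function names and distance threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for a user's bookmarks (assumption).
KNOWN_GOOD = {"itunes.com", "google.com", "example.org"}


def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) turning a into b."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition ("itnues" for "itunes") counts as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_hostname(typed, known=KNOWN_GOOD, max_distance=2):
    """Return ("ok", host), ("suspect", intended_site) or ("unknown", None)."""
    typed = typed.strip()
    # urlsplit only finds a hostname after "//", so add it for bare input.
    host = urlsplit(typed if "//" in typed else "//" + typed).hostname or ""
    host = host.rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in known:
        return ("ok", host)
    if not host:
        return ("unknown", None)
    # sorted() makes the choice deterministic when two sites are equally close.
    nearest = min(sorted(known), key=lambda site: edit_distance(host, site))
    # max_distance=2 is an assumed threshold; it catches a dropped letter plus
    # one wrong letter, and would need tuning against a larger allowlist.
    if edit_distance(host, nearest) <= max_distance:
        return ("suspect", nearest)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ["itunes.com", "itunes.cm", "itones.cm", "bank.example"]:
        print(sample, check_hostname(sample))
```

A "suspect" result names the bookmarked site the typed host most resembles, which is the cue to stop and use the bookmark instead.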

This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog