How To Prevent A Social Engineering Scheme Called Typosquatting

By Amine Mekkaoui

  Filed under: Risk Management and Information Security Blog

Have you ever mistyped a website address, a missed letter here, a forgotten hyphen there, or the wrong domain ending, and landed not on a 404 error page but on an unfamiliar and sinister website? 

This phenomenon is called typosquatting, a form of cybersquatting in which imposters register domains that are deliberate misspellings of popular web addresses and use them to install malware on the visitor's system or otherwise profit from the misdirected traffic. It is typo hijacking: it relies on the user's carelessness when entering a URL.

In its more elaborate forms typosquatting shades into phishing: the fake site mimics the real one, so the user wrongly believes he or she has reached the right website and is ready to trust it with credentials or other data.
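To make the mechanism concrete, here is an added example (not code from the original post) that does two things: it generates the look-alike domains an attacker could register for a given name, covering the mistakes listed above (a dropped letter, swapped letters, a doubled letter, a forgotten or inserted hyphen, and the right name under a wrong domain ending), and it flags a typed hostname that is a near miss of a domain you want to protect. The list of alternative endings, the distance threshold, and all sample domains are constructed for illustration, and the script deliberately ignores public-suffix rules (so "bank.co.uk" is treated as "co" under "uk").

```python
"""Added example (not from the original post): generate the typo variants an
attacker could register for a domain, and flag a typed hostname that is a
near miss of a protected domain. Standard library only; inputs are constructed."""

# Assumed alternative endings a typo-squatter commonly registers (constructed list).
TLD_SWAPS = ("com", "co", "cm", "om", "net", "org")


def split_domain(domain):
    """Return (second-level label, tld) for a hostname, ignoring subdomains.

    Assumption: no public-suffix handling, so 'bank.co.uk' yields ('co', 'uk').
    """
    parts = domain.lower().strip(".").split(".")
    if len(parts) < 2:
        raise ValueError(f"not a fully qualified domain: {domain!r}")
    return parts[-2], parts[-1]


def typo_variants(domain):
    """Look-alike domains for `domain`: a dropped letter, a doubled letter,
    swapped neighbours, a forgotten or extra hyphen, and a wrong ending."""
    label, tld = split_domain(domain)
    labels = set()
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])            # omission:   exmple
        labels.add(label[:i] + label[i] + label[i:])     # repetition: exammple
    for i in range(len(label) - 1):
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition: exapmle
    if "-" in label:
        labels.add(label.replace("-", ""))               # forgotten hyphen
    else:
        for i in range(1, len(label)):
            labels.add(label[:i] + "-" + label[i:])      # inserted hyphen
    labels.discard(label)
    variants = {f"{v}.{tld}" for v in labels if v}
    variants.update(f"{label}.{t}" for t in TLD_SWAPS if t != tld)  # wrong ending: example.co
    return variants


def edit_distance(a, b):
    """Levenshtein distance by the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_typosquat(host, protected, max_distance=2):
    """Return the protected domain that `host` most resembles, or None.

    A host equal to, or a subdomain of, a protected domain is legitimate.
    Otherwise it is flagged when its second-level label is within
    `max_distance` edits of a protected label (hyphens ignored) under the
    same ending, or matches the label exactly under a different ending.
    Subdomain tricks such as 'example.com.evil.net' are out of scope here.
    """
    host = host.lower().strip(".")
    protected = [p.lower().strip(".") for p in protected]
    if any(host == p or host.endswith("." + p) for p in protected):
        return None
    h_label, h_tld = split_domain(host)
    best, best_dist = None, max_distance + 1
    for good in protected:
        g_label, g_tld = split_domain(good)
        dist = edit_distance(h_label.replace("-", ""), g_label.replace("-", ""))
        if dist == 0:
            return good  # same name: hyphen variant or wrong domain ending
        if h_tld == g_tld and dist < best_dist:
            best, best_dist = good, dist
    return best


if __name__ == "__main__":
    # Constructed demonstration input.
    print(sorted(typo_variants("example.com")))
    for typed in ("exmple.com", "example.co", "www.example.com", "my-bank.com"):
        print(typed, "->", looks_like_typosquat(typed, ["example.com", "mybank.com"]))
```

The generator is the defender's shopping list: the names it prints are the ones worth registering yourself or watching for in new-registration feeds. The detector is only a heuristic; with a distance of 2 a genuinely different domain such as "examples.com" is also flagged, so in practice it should sit behind an allowlist of known-good domains rather than block on its own, and it says nothing about homoglyph or subdomain-prefix tricks.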

Typosquatting is also a form of social engineering scam, which I discussed in my previous blog. Social engineering exploits human vulnerabilities: a cyber criminal tricks people with sophisticated methods while hiding his real identity and intent. It works through manipulation, and the internet has given these criminals countless ways to do it.

If your organization has been complacent about security, it is time to rethink your strategy, and do not forget the human side of your company.

So how do you protect your business from these threats? Training employees is certainly a good start. You can give your staff the following guidance: 

  • Never disclose confidential information, such as passwords or bank details, over email or telephone.
  • If an email looks suspicious, it is better not to react at all than to fall for the scam; if the matter is genuinely important, the sender will reach you by another route.
  • For supposedly urgent emails, verify the sender by telephone, using a number you already have rather than one given in the message.
  • Watch for fake social media accounts impersonating your organization and report them, to head off angler phishing and similar social web threats.
  • Lastly, model the security awareness you expect from others.

A robust domain defense strategy, for example registering the common misspellings of your own domain and monitoring new registrations that resemble it, protects the company in the long run, but only if your people are part of that strategy. There are IT solutions that can guide you here and help you build a more secure environment within your organization. Since social engineering targets humans, your organization can be attacked at any time, so keep in mind that protecting your clients and employees also means protecting your organization.
