Hackers Are Now Targeting URLs Misspelled With ‘.om’ in New Typosquatting Threat

Move over, cybersquatting; typosquatting is the newest form of online theft, and it’s targeting people who accidentally leave out a letter when typing a URL.

As reported by The Inquirer and Gizmodo, the security firm Endgame recently discovered around 300 popular websites with registered “.com” domains that have very, very similar URLs registered with the domain ending “.om” — the ending for top-level domains in the small Middle Eastern country of Oman.

Instead of providing Arabic versions of valuable websites like Netflix and Dell, these slightly misspelled websites are being used by hackers to target unsuspecting people who mistakenly leave out the “c” when typing “.com.” When a user types in “www.netflix.om”, for example, the site redirects to a page that attempts to install OS X malware called Genieo.

The process of targeting users on the site is fairly standard; several pop-ups request that the user install an updated version of Adobe Flash before exiting the site. One notable aspect of Genieo, however, is that it targets Apple users instead of Windows users. Although an average of 82,000 unique malware threats are created each day globally, the majority of these programs target Windows users.

As Digital Trends noted, Mac users are less likely to be familiar with these harmful Adobe Flash pop-ups than the average Windows user. If a user agrees to install the fake update, Genieo “entrenches itself on the host by installing itself as an extension on various supported browsers (Chrome, Firefox, Safari).”

Typosquatting isn’t exactly a novel way for hackers to piggyback on the success of legitimate businesses; cybersquatting is another version of the same idea, and it uses domain names that are very similar to that of a well-known business. “www.metflix.com”, for example, would likely be an easy way to trip up countless users attempting to access Netflix.

The recent introduction of “.om” into the world of cyberhacking, however, is a new development that many people are not yet aware of.
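For defenders, both patterns described above (the dropped “c” in “.om” and the one-letter lookalike such as “metflix.com”) can be flagged in DNS or proxy logs. The following is an added example, not code from the article or from Endgame; the watchlist, the log format and all function names are assumptions made for illustration.

```python
# Added example: flag lookups that resemble protected .com domains.
# WATCHLIST and SAMPLE_LOG are constructed; the log format is an assumption.
WATCHLIST = {"netflix.com", "dell.com"}

SAMPLE_LOG = """\
2016-03-14T09:12:01 10.0.0.21 query www.netflix.om
2016-03-14T09:12:07 10.0.0.21 query www.netflix.com
2016-03-14T09:13:40 10.0.0.35 query metflix.com
2016-03-14T09:15:02 10.0.0.35 query dell.om
2016-03-14T09:16:18 10.0.0.48 query example.org
"""

def split_host(host):
    """Return (label, tld) from the last two labels of a hostname.
    Simplification: multi-label public suffixes are not handled."""
    parts = host.strip().rstrip(".").lower().split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (None, None)

def one_substitution(a, b):
    """True when a and b have equal length and differ in exactly one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def classify(host, watchlist=WATCHLIST):
    """Return (reason, protected_domain) for a suspicious host, else None."""
    label, tld = split_host(host)
    if label is None:
        return None
    for legit in sorted(watchlist):
        legit_label, _ = split_host(legit)
        if tld == "om" and label == legit_label:
            return ("missing-c-tld", legit)        # netflix.om vs netflix.com
        if tld == "com" and one_substitution(label, legit_label):
            return ("lookalike-label", legit)      # metflix.com vs netflix.com
    return None

def scan(log_text):
    """Return (client, host, reason, protected_domain) for each flagged query."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] != "query":
            continue  # skip lines that do not match the assumed format
        hit = classify(fields[3])
        if hit:
            findings.append((fields[1], fields[3], *hit))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same check can run against a resolver blocklist feed or a browser-history export, as long as each record yields a client identifier and a hostname.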
