Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Leadership Team

Meet the MetaCompliance Leadership Team

Careers

Join Us and Make Cybersecurity Personal

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Beware of Typosquatting: Innocent Mistakes, Serious Threats

The Dangers of Typosquatting: Harmless Mistakes, Serious Risks

about the author

Share this post

Typosquatting may seem innocuous, but it’s a gateway to cyber threats. One wrong keystroke in a URL can redirect users to malicious websites, compromising sensitive data and security. Stay vigilant against this stealthy danger.

Have you ever heard of mikerowesoft.com? Or does the website deutschebnak.com ring a bell? Attentive readers will have noticed that a few errors snuck in there. This kind of error is called typosquatting, or URL hijacking, and is a form of cybersquatting. It describes a social engineering attack where popular web addresses are peppered with typos in order to redirect people to illegitimate websites. These websites usually contain advertising from their competitors, malware or even pornographic content.

The Dangers of Cybersquatting

Cybersquatting is an umbrella term for a range of social engineering attacks. Cybersquatting, or domain squatting, involves registering domain names that the applicant is not entitled to. These can be brand names (brandjacking), public figures (namejacking) or company names. This also includes registering typo domains or so-called typosquatting.

What is Typosquatting?

Typosquatting is a malicious practice where cybercriminals register domain names that are common misspellings of legitimate websites. This tactic aims to deceive users who mistype URLs, redirecting them to fraudulent sites to steal sensitive information or distribute malware.

At one point or another, everyone’s ended up on a typo domain. In fact, the whole thing is pretty easy to pull off: cybercriminals register domains that strongly resemble those of well-known websites, usually by changing only a few letters. People are then redirected to third-party sites via simple typos and, worst-case scenario, interact with them as well. These interactions can include entering personal data, clicking on malicious links or downloading malware. Typosquatting not only affects private individuals, however. Many companies reserve domain names in the 4-digit range in advance in order to counter the loss of customers or traffic due to typosquatting.

Typosquatting allows attackers to capitalise on simple human mistakes:

  • Spelling and typing errors
  • Outdated or alternative spellings
  • Domains with hyphens
  • Incorrect punctuation marks
  • Wrong top-level domains (e.g. .net, .org, .com etc.)

There are also different types:

  • Impersonators – A fake website that imitates the look and feel of a pre-existing website. Victims are tricked into providing sensitive information.
  • Listing related search results – A fake website that redirects traffic intended for the real website to its own and demands payment per click.
  • Traffic monetisation – A fake website that places ads or pop-ups to generate revenue.
  • Surveys & giveaways – A fake website that pretends to collect customer feedback in order to harvest personal data.
  • Installing malware – A fake website that installs malware on the affected hardware.

Typosquatting and the Law

Registering a domain is easy and, in most cases, only costs a few euros. According to the principle of priority, “first come, first served”, there is no guarantee that the person applying for a domain is also the person who is legally using it. In these cases, naming rights, trademark law or even competition law come into force. Whether or not the domain in question is a legally registered domain has to be assessed on a case-by-case basis.

In a case from 2001, the BGH (Germany’s Federal Supreme Court) decided in the so-called “Shell ruling” that the principle of priority is no longer valid if the plaintiff’s name recognition is significantly higher than that of the defendant. In this case, the plaintiff made use of the right of its own name.

“The very registration, not the first use of another company name as a domain name in non-business dealings, constitutes an unauthorised use of a name under §12 of the German Civil Code.” – As stated in the 2001 judgement

Mike Rowe recounts another case that is more likely to make you smile. The then 17-year-old secured the domain MikeRoweSoft.com for his private website. The world-famous software company, Microsoft, didn’t like the web designer’s creative work at all and threatened the young entrepreneur with a lawsuit.

“I didn’t expect them to send all their highly paid lawyers after me right away”, Mike Rowe explains.

In the end, however, both parties were able to reach an out-of-court settlement. After all the drama, Mike Rowe sold the documents of his case as “a piece of internet history” on eBay for $1,037 USD.

Because of the ever-increasing amount of squatting and the need for the individual review of such cases, proceedings of this nature can drag on for years. The dubious key figures who are often behind domain squatting also hide behind shell companies or in foreign countries. This approach makes a conviction virtually impossible.

Shielding Against Typosquatting: Prevention and Measures

To protect yourself against an attack caused by typosquatting domains, these tips will help you:

Individuals

  • Avoid clicking on suspicious links. These links can come to you via emails, text messages, chat messages or social media channels.
  • Avoid opening email attachments from unfamiliar addressees.
  • Install an antivirus program and keep it up to date.
  • Check the correct spelling of URLs carefully.
  • Save your most visited links in your bookmarks to avoid typing errors.
  • Use speech recognition software for familiar URLs.
  • Use a search engine to get to specific websites.

Companies

  • Secure as many domain variations of your name as possible and link them to your website. This can include different spellings, punctuation, and country extensions of the top-level domain.
  • Let ICANN’s Trademark Clearinghouse help you monitor your brand name and notify you if your name is used in other people’s domains.
  • SSL certificates allow you to protect your visitors’ data during transmission, providing a sense of security. Those looking to hijack your domain wouldn’t use this method.
  • As soon as you suspect someone might be impersonating your company, inform clientele, colleagues, and other stakeholders about possible social engineering attacks through phishing emails or phishing websites.

Strengthening Defenses: MetaCompliance Cyber Security Awareness Training

In conclusion, typosquatting is a serious issue. Small, careless mistakes make it possible to inadvertently access a typosquatting domain, even for experienced users. What seems like a trivial oversight can still cause a lot of damage.

To safeguard your organisation and employees against this stealthy danger, proactive measures and robust prevention strategies are essential. Equip your team with the knowledge and skills needed to identify and mitigate such risks effectively. Discover comprehensive cyber security awareness training solutions from MetaCompliance, empowering your workforce to navigate the complexities of cyberspace securely. Strengthen your defenses and stay ahead of evolving threats with MetaCompliance.

Other Articles on Cyber Security Awareness Training You Might Find Interesting