Online Buyers Beware: Typosquatters Want Your Information
Holiday shoppers are flocking online to get the latest deals and beat the in-store crowds. Unfortunately, the bad guys have set up shop to infect your computer and steal your personal information if you accidentally mistype the website name.
That's the warning from content security leader Websense, after its security researchers recently found more than 2,000 typosquatted online domains set up to ensnare the unaware. These domains mimic the legitimate addresses of big retailers like Wal-Mart, Apple, and Best Buy with URLs like WallMatt (dot) com, Appple (dot) com and Bestbuyh (dot) com.
Record online sales have already been reported since "Cyber Monday," and online shopping continues to be brisk. So beware of the clever crooks: you may get to a page that looks just like your favorite retailer, but the site may then lead you to a phishing or other potentially harmful site that injects malware or infects your system with spyware. Some sites are convincing enough to lead people to enter their credit card information.
Many of the illicit sites also take advantage of top level domains by having the brand names spelled correctly, but incorrectly lead to ".org" or ".net" domains that the criminals own. These websites are often used in fake emails and phishing sites that try to lure a consumer to claim online vouchers or coupons for retailers. The user is then asked to select another offer shown in a pop-up window. These pop-ups often host fake competitions offering high-value, desirable prizes like the latest iPhone. Users completing online forms inadvertently provide cybercriminals access to their personal information, leading to identity theft, phishing scams and malware.