Even if you’re pretty good at typing, every body makes typos. And those little mistakes could now make you vulnerable to criminals who know that typos are just a fact of life.
How a typo could make you vulnerable to hackers
A cybersecurity firm has discovered a new version of an old scam known as ‘typosquatting.’ The way it works is criminals will purchase website domain names that are very similar to popular sites — and so when you accidentally type ‘Netflix.om’ instead of ‘Netflix.com‘ into your browser — hackers could gain access to your computer or other device.
According to a Business Insider report, the new scam aims to install malware on users’ devices when they land on malicious websites — after accidentally typing the wrong URL — like .om instead of .com. — into their web browser. The criminals are carrying out the scam by using popular URLs in hopes of hitting as many people as possible.
Endgame, the cybersecurity firm, actually discovered the scam when an employee typed Netflix.om instead of Netflix.com when attempting to watch the last season of House of Cards.
And after more digging, the group found that there are even more popular sites being ‘om’ed.’ While not every site with ‘.om’ is fake, Endgame found 319 of them that appear to have some type of scam associated with the site.
Plus, misspelling ‘.com’ isn’t the only risk — misplacing the period can also get you into trouble. For example, Netflixc.com instead of Netflix.com.
How to protect yourself
Phishing and malware scams are everywhere on the Internet all the time — and new versions and variations are popping up constantly.
Phishing is a way for criminals to carry out identity theft by using fake websites, emails and robocalls to try and steal your personal information — including passwords, banking info, Social Security number and other sensitive data.
Here are some tips to help you protect your information from scammers:
- When it comes to spotting potentially-dangerous websites, before you go to an unknown site, double-check the spelling of the web address/URL by first doing a search for it.
- If you receive an email claiming to be from your bank or other company that has your personal information, don’t click on any of the links. It could be a scam. Instead, log in to your account separately to check for any new notices. You can also call the company about the information sent via email.
- Also, don’t click on any links in an email you weren’t expecting. Do a search about whatever the sender claims to want or be offering you to make sure it’s legitimate. If you aren’t sure, do a search for the company and call them directly.