Skip to main content

Noticed a typo? It could be typosquatting

Have you ever clicked a link to a website, and noticed that the URL doesn’t look quite right? You could have been a victim of typosquatting. Here’s everything you need to know about typosquatting, and how to avoid falling for it.

What is typosquatting?

Typosquatting, URL hijacking, or typojacking as it is sometimes known, is a phishing technique used to gain personal information from victims, such as banking information or login details.

Phishers purchase a domain with a url that looks very similar to a well-known website; something like google, amazon or outlook, but with a single letter changed. Sometimes this looks like a regular typo, like adding an extra ‘o’ in outlook, and sometimes a letter has been replaced with a latin ‘o’ so the website appears to be the same. 

For a victim looking at the website URL, it might appear to be legitimate. Even once clicked, this website might be a strong imitation of the site they were expecting, ensuring that the victim doesn’t catch onto the fact that they are on a phishing website.

The fake website can then be loaded with malware, which is installed onto the victim’s device without them knowing once the link is clicked. It could also prompt victims to enter their login details, which would provide phishers with information they could then sell or use to access a victim’s accounts. 

What is targeted typosquatting?

Targeted typosquatting is where a domain is used that closely resembles your business’ URL. The same techniques are employed here; a letter is changed so that the URL looks as close to your website URL as possible. 

Instead of sending this link to victims directly, the URL is used to masquerade as a person from within your business, often a manager. This can then add legitimacy to a bank fraud scam, where a staff member is emailed by a phisher pretending to be a director or manager (from a seemingly ‘correct’ email address) and encouraged to send a fraudulent payment.

How can you protect yourself from typosquatting?

With typosquatting, it can be difficult to ascertain whether the link is legitimate or not by looking at it, and once you’ve clicked the link, it’s too late. However, there are precautions that you can take.

The first is to ensure that you don’t click links in emails to well-known sites like amazon or google. Access these sites yourself by typing in the URL, and make sure you don’t make any typos in the process! 

You can also ensure that everyone in your business understands the process for bank transfers. Having a procedure which involves multiple people, and ideally, requiring a conversation over the phone, can stop you and your business from falling victim to these kinds of scams.

Finally, think about software. Office 365 can notify you when someone is contacting you from outside of your business, offering that extra layer of protection from targeted typosquatting. Transcendit can help you set up Office 365, and discuss anti-virus/anti-malware options for your business, which can help identify when you’re visiting a malicious site. You could also make sure that you have browser protection enabled.

Worried about phishing? Give us a call on 0191 482 0444


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
SIRIUS use Transcendit for our IT needs. They are proactive, high quality, charge fairly and are a pleasure to work with. Shkun Chadda

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner