You need to go to Marriott’s site to book a room for your vacation. You are trying to relax and watch your favorite show on Netflix. You are starving and want to order a pizza online from Papa Johns. How many times a day do you try to type in a website’s address and mess it up? If you are on a computer as much as we are, it’s at least a few times a day. A new type of malware is preying on those typo mistakes.
Typosquatters are exploiting the top-level domain for Middle Eastern country Oman (.om). These criminals have registered more than 300 domain names with .om suffix impacting U.S. companies and services such as Netflix, Marriott, Papa Johns, Macy’s, and Gmail.
What is Typosquatting?
Typosquatting is a well-known security problem. The culprits target one or more well-known websites and brands. They register domains similar to the legitimate domain. Techniques often include doubling characters like “googgle.com”. Some other examples have used adjacent keys, and letter swapping like “googel.com”. This new version using the .om suffix is a bit trickier and more malicious.
How does it work?
The criminals are hoping a significant number of users mistype the intended domain, and then they redirect you to a different site with multiple pop-up ads. One of these pop-up ads usually asks you to update your Flash player. If you make the mistake of downloading this “update”, a malware virus will be installed on your computer. With this installed, any number of problems can arise. From the malware harvesting your login information, to installing ransomware that locks your entire computer up.
Who is targeted?
While this is a problem that everyone is facing, Mac OS X users are being singled out. This new type of typosquatting campaign is targeting Mac users with a fake Adobe Flash update. This fake update will pop-up and attempt to trick users into installing the advertising component Genieo.
Genieo changes the behavior of your browsers. It allows custom searches and targeted advertising to be presented on a home page, managed through a browser extension. It also tracks what you do and guides your searches and activity to relevant commercial sites and deals.
How do I prevent it?
Malware schemes like typosquatting are becoming more and more common. These attempts to obtain your personal information or do worse acts is troubling. Beginning with the basics like double checking your spelling is always the first step. If you do make a mistake, don’t click on links in unsolicited pop-ups or emails. And as we always recommend, keep your software updated.
Security issues like typosquatting have broad implications for many businesses. Not only could your personal computer be at risk, but also your company name. The vast majority of .om registered domains are malicious. These sites are receiving large amounts of visitors and should be taken seriously. Many popular sites remain unregistered and are still vulnerable.
To learn more about stopping security issues like typosquatters, please contact one of our approachable IT geniuses today for more information.
