How a Simple URL Typo Can Make You a Target for Malware
Clicking through search results to a website carries the risk of landing on a spoofed page that is actually a phishing scam, just like navigating directly by typing a URL into your browser. As Krebs on Security reports, researchers at security firm Infoblox have identified a series of scams on similar, parked (or reserved) domains. If you end up on one of these websites, you will not be taken to the trusted page you expect, but to fraudulent content, including scareware and other malware.
Similar domains contain malicious content
This scam capitalizes on you navigating directly to a website by typing the URL into your browser’s address bar. If you accidentally type in the top-level domain (TLD) – .gov or .com, for example – or the second-level domain (SLD), which is the company name (Google or Amazon), you could land on a page that has been commandeered by bad actors for nefarious purposes.
In some cases, these may be typosquats, meaning cybercriminals have registered domain names that appear almost identical to trusted ones. In others, they may be real domains that have expired and are simply advertising placeholders that spread malware.
Infoblox researchers found that visiting one of these sites often triggers a chain of redirects, through which bad actors profile data such as your IP geolocation, device fingerprint, and cookies. This means that you do not necessarily need to click on links on the parked page to receive malicious content. They note, however, that parked websites were only malicious if visited from a residential IP address and harmless if accessed using a VPN or non-residential IP address.
What do you think of it so far?
How to Avoid Parked Domain Scams
A common tip for avoiding phishing websites is to enter trustworthy URLs directly into the address bar rather than clicking on search, as bad actors will attempt to exploit the results, including placing paid advertisements, to redirect you to malicious domains. This can still be a safe way to get to your destination, but you should check the spelling of your TLDs and SLDs carefully, as small mistakes could lead you to a fraudulent site.
I’ve covered similar website tricks, such as homograph attacks, which use similar characters in URLs to direct you to phishing sites that, at first glance, appear to be legitimate domains. Unless you inspect the address very carefully, you may not be able to detect the scam.
