The next big cyber security threat: Your fingers

Published: November 27, 2012 by bkrenek

We’re all familiar with well-known causes of data security breaches and identity fraud; phishing, malware attacks, and lack of cyber security protection are some of the most popular.  A lesser-known but just as lethal culprit in the world of data breaches is surprisingly, a person’s typing skills due to the fact that a simple typo can lead to typo-squatting also known as URL hijacking.

Typo-squatters count on accidental misspellings and typing errors of web addresses in a web browser’s address bar to get people to their page which can often be unscrupulous hacker sites designed to extract a person’s private information.  Typo-squatters buy up domains that are similar to popular domain addresses to lie in wait for web surfers to make typing mistakes which is now even more widespread with the popularity of touch screen devices.  For example, instead of typing dot-com, you mistakenly type dot-org and are transferred to an authentication or login page that asks you to input your account information and password before proceeding.  These pages are actually typo-squatted pages that were created to not only steal your information but they can also make you vulnerable to a computer virus or identity theft.  The most dangerous scenario is when a person uses the same user name and password for every website since a hacker then can access financial information such as banking and credit cards accounts using the stolen log-in information.

Typo-squatters can also cause a business data breach by creating doppelganger domains for large companies that use subdomains for their various worldwide offices.  Business emails are intercepted when a user mistypes a recipient’s e-mail address.  Using a doppelganger domain, a hacker configures an email server to intercept any correspondence addressed to a person with that name.  Extra large companies with many subdomains are at the biggest risk since they have more employees with more email addresses which means more chances for typos.

A key way to practice data breach protection in preventing typo-squatting is to use a search engine to find a website instead of directly typing in the web address especially if you are searching for a financial institution.  All the big search engines will have companies’ legitimate web addresses as well as data protection and security software to scan for malware and prevent hacking.  Common sense is also another powerful tool to prevent a breach of data; if a site doesn’t look right, it probably isn’t so exit quickly and try again through a search engine.