/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Spelling mistakes aren't uncommon, but they were considered only embarrassing until they became dangerous in the internet language. Now, there is no excuse for typing errors while entering a web address as you face the risk of entering a danger zone created by cyber criminals waiting for just that chance to hack into your accounts.
Hundreds of websites have been created with URLs resembling popular websites except for an alphabet. Once these sites are accessed, cyber criminals can download malware or trick users to reveal their banking or other personal information.
In an interview with CIOL, Elad Sharf, Security Researcher, Websense Security Labs, discusses how typosquatting scams are carried out and about other dangers on social networking sites.
Q: Websense ThreatSeeker Network has already detected fraudulent websites that have made it to the global top 250 high Alexa ranking list. So, how serious is the problem and how can one avoid fraudulent sites?
Typosquatting or hijacking of domain names exploits the common typing errors made when entering a web address in the browser. These may result in malware, phishing or frauds. Major names like Google or Facebook have made mitigation efforts and registered some names that can be easily mistyped but there are always some options that aren’t registered because there are a good number of options. Twitter, for example, has not done this and the misspelling of their web address leads to registered fraudulent websites that target Twitter to have an extremely high Alexa rank.
ALSO READ: Bookmark sites to avoid typosquatting
Q: Can you share few tips that will help users avoid being redirected to fraudulent websites or links
The following steps can help PC users to be safe while using the Internet:
1.If it sounds too good to be true it may as well be the case. Be extra cautious while giving your information. Don't believe everything you read and take information or offers with a pinch of suspicion
2.It’s about the context — your valued data comes first. Think about the value of the information you're giving and whom you're giving it to. Is it the site you came to asking for valuable information? Will they keep it safe or abuse it? For example, your phone number might lead to text spam or your number could be registered to a premium text service. And giving your email address could lead to spam. Always read the small print of any offer and don't be afraid to put a researcher hat on and research any site you suspect. Again, Ace Insight is a great place to start: http://aceinsight.websense.com/
3.Use a security product for your browser. Web security gateways with real-time content analysis is the level of protection businesses should use, but for home users there are free security plug-ins for browsers that can help, for example, mywot.com can give you a sense if you’re in the wrong place. You can also copy any URL before clicking and have Websense test it for free at aceinsight.com.
Q: You have also come across fraudulent sites that pretend to be from YouTube. Is there any way one can avoid clicking fraudulent links on YouTube?
Today, websites are very social orientated and dynamic; users can comment on pages and post new content — it’s very easy for cyber criminals to take advantage of this. They can post rogue messages on reputable websites. With proactive real-time security protection, companies can ensure that their employees are not clicking on any links that lead them to malware or spam.
Q: What about the dangers of sharing email addresses on Twitter? How are they being misused?
When users publicly Tweet their personal email addresses, they are exposing it for potential exploitation by cyber criminals as it leaves them open to advanced ‘social spear phishing’ attacks and spam campaigns. Social spear phishing sees criminals attacking harvested email addresses with information gleaned from monitoring users’ Twitter conversations or the Twitter API.
According to the recent research conducted by Websense Security Labs, more than 11,000 email addresses were shared worldwide daily via Twitter.