Have you ever visited a website that doesn’t look quite right? Or you click on a link and it takes you somewhere you weren’t expecting? Or even misspell a website and end up on what is clearly a scam page? If that link were one from a business you trusted, would your trust in them be affected? Typosquatting, website impersonation and domain spoofing are becoming concerningly common nowadays, and it’s up to us all to fight back.
What are they doing?
There are three main methods that cyber criminals use in these types of attacks. The first is typosquatting, sometimes called URL hijacking or sting sites. In this attack the cyber criminals take control of websites with URLs similar to that of a well-known website. Take the example of goggle.com, which would direct people who misspelled Google to phishing sites. The same can be done with the domain ending, replacing .com with .co or .cm for example, to catch out anyone who misspells that part of the address.
The second tactic is website impersonation. In these cases, cyber criminals build a website that looks just like a business’s original site, except that any details entered or money paid will end up with the criminals.
Domain spoofing is similar but takes advantage of weaknesses in website security and mail systems. These attacks allow cyber criminals to imitate the email or site of a business and reach out to victims directly rather than waiting for them to fall into a trap.
What does this do to the relationship with your customers?
Unsurprisingly, your customers might not like that your website has been used to attempt a cyber-crime. The more tech-savvy customers might also be wondering how and why you have let something like this happen. Either way, it’s definitely not a good look. As a business owner with an online presence, you always have a responsibility to protect customers from these kinds of attacks. They not only put your online brand in a very bad light, but can also discourage customers from visiting your website for fear of becoming the victim of a cyber-attack.
In a more general sense, it is something that will discourage certain customers from participating in any online business. This applies particularly to the less tech-savvy customers who might not be very comfortable browsing and purchasing online. One bad experience, especially being scammed or phished, can have a large impact on their shopping habits and how they trust the online world. This, unsurprisingly, is something we definitely want to avoid.
What can businesses do?
The first step any business can take is very simple. Make sure all of your security certificates are up to date! If they expire or aren’t the latest version, you are leaving yourself open to all kinds of problems. The solutions beyond that are your choice. Some businesses prefer to go on the offensive, finding and taking down malicious sites as they appear with the help of Close Digital Protection professionals. Others will build on their defence by purchasing any vulnerable domains and websites, making sure any typos will just redirect to their main page instead of a phishing site. The best solution may be a balance between these two approaches: purchasing the most vulnerable and common typo sites while proactively taking down the most heinous and dangerous spoofs.
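
To decide which look-alike domains to purchase or report, a business can classify domains it observes against the one it protects, using the two typosquatting patterns described earlier (a misspelled name and a swapped ending). This is an added example, not part of the original article; the sample domains are constructed, and the function names and one-edit threshold are assumptions.

```python
# Added example: flag observed domains that imitate a protected domain.
PROTECTED = "google.com"  # the article's own example; substitute your domain

def split_domain(domain):
    """Return (name, tld) from the last two labels; naive about suffixes like .co.uk."""
    labels = domain.lower().strip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else ("", "")

def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected=PROTECTED):
    """Return 'legitimate', 'tld-swap', 'typo', 'typo+tld-swap', or None if unrelated."""
    name, tld = split_domain(observed)
    p_name, p_tld = split_domain(protected)
    if not name:
        return None
    distance = edit_distance(name, p_name)
    if distance > 1:  # assumed threshold; short brand names need a stricter rule
        return None
    kind = "typo" if distance == 1 else ""
    if tld != p_tld:
        kind = (kind + "+tld-swap") if kind else "tld-swap"
    return kind or "legitimate"

def review(domains, protected=PROTECTED):
    """Map each look-alike domain to its category, skipping legitimate/unrelated ones."""
    results = {d: classify(d, protected) for d in domains}
    return {d: k for d, k in results.items() if k not in (None, "legitimate")}

# Constructed sample input, e.g. hostnames pulled from a new-registration feed.
SAMPLE = ["www.google.com", "goggle.com", "google.co", "google.cm",
          "googel.com", "gogle.cm", "example.org"]

if __name__ == "__main__":
    for domain, kind in review(SAMPLE).items():
        print(f"{kind:14} {domain}")
```

Anything the script flags is a candidate for defensive registration or a takedown request; a human should still confirm that a flagged domain is not an unrelated legitimate site.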