A news article published on Bitcoin.com Australia today referenced “typosquatters”, a new breed of cryptocurrency thieves successfully stealing people’s digital assets online.
Typosquatting is a recognized term in cybersecurity. As the name suggests, it refers to a mix of using typos for popular domain names and then cybersquatting. The Wikipedia definition for the latter is as follows:
“Cybersquatting, according to the United States federal law known as the ‘Anticybersquatting Consumer Protection Act’, is registering, trafficking in, or using an Internet domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else.”
The original cybersquatting term simply involved people buying up domain names related to popular or well-known brands, in the hope that the company would one day purchase the domain name at a big profit. Famous examples in the past have included vodka.com which was sold in 2007 for USD 3.5 million.
Typosquatting, however, is a much more sinister form of cybersquatting, whereby websites with names very similar to other known sites are created in the hopes of being typed in by people manually keying in a website name with a typo. For example, Myeterwallet.com and MyEtherwalet.com would be two typosquatting domain names, relying on people who misspell “MyEtherWallet”, a well-known Ether wallet.
The website would look completely indistinguishable from the genuine one, so users would enter their usernames and passwords, unknowingly submitting this information to the hackers, who would then be able to access their funds. This tactic is generally employed for web wallets, exchanges and other similar centralized services online used to store cryptocurrency.
It has been a problem since at least the turn of the decade, and especially since people began storing cryptocurrency on web services. In Australia, this has become a hot topic after local web portal Micky ran a story in March about a typosquatter who claims he made millions of dollars this way.
To minimize your risk of falling victim to typosquatting, avoid manually entering urls or using search engines to visit them. After verifying the security certificates for websites, bookmark them and save your account details using a password manager. Finally, secure all your accounts with 2-factor authentication; this way, even if you fall victim to typosquatting, hackers will be unable to access your accounts without an access code on a device only you control.
Follow BitcoinNews.com on Twitter: @bitcoinnewscom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: bitcoinnews.com
