Oregon FBI’s Tech Tuesday: Building a digital defense against ‘typosquatting’

PORTLAND, Ore. (KTVZ) -- This week, the Oregon FBI’s Tech Tuesday feature focuses on building a digital defense against typosquatting.

Typosquatting already sounds somewhat unpleasant … but, in reality, it can be even worse. Think of a website you go to every day. Now imagine someone replacing one letter or character in that web address with something that would be a common misspelling. Perhaps you are typing Google but add one too many “o’s”. In another version of typosquatting, the bad actor adds on a different domain at the end … perhaps something.com is a real site, but something.net or something.us are bogus.

The FBI issued a warning about this very thing last fall concerning a series of websites set up to look as though they were official U.S. Census sites. While 2020census.gov WAS legit, “ensus.com,” “census-bureau.us” and many others were not. This same fraudulent activity can target any agency or business.

When you accidentally click on that fake link, you may end up downloading malware onto your device. Or, in some cases, the fraudster will go to great lengths to replicate the look of the real website you think you are at. The goal is to get you to put your information – such as user IDs and passwords – into the bogus site.

Here’s how to protect yourself:

• Go slowly and check the web address you type into the browser bar before hitting enter. If you go fast and don’t pay attention, you are likely to make mistakes.
• If you own a company, consider paying to register all the web addresses that are close in spelling to yours and those with different domains than yours. (For instance, buy the web address ending in .com as well as .net and .org for your company.)
• Regularly update anti-virus and anti-malware programs on your devices.

If you believe are a victim of an online scam, you should report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.