© 2024 KRCU Public Radio
90.9 Cape Girardeau | 88.9-HD Ste. Genevieve | 88.7 Poplar Bluff
Donate
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations
Consumer Handbook
Every week, join Sydney Waters as she helps you navigate life as a smart consumer. You'll cover everything in avoiding the latest scams, including phishing emails, medical equipment fraud, understanding layaway, hiring a reputable tax preparer, and even digital spring cleaning. Add to your toolbox and flip through your Consumer Handbook Thursdays during NPR’s Morning Edition at 6:42 a.m. and 8:42 a.m., only on KRCU.

Consumer Handbook: How “Fat Fingers” And “Typosquatting” Can Cost You

KRCU Public Radio | By Whitney Quick
Published February 17, 2021 at 10:46 AM CST
Flickr/Mary Cullen, instructionalsolutions.com

The manager for a large commercial builder recently called her IT support with serious concerns. One of their clients received an email that at first looked like it came from her work email account, asking for payment on completed work, but it didn’t originate from her office. The email address included her name, and the business domain was only one letter off. The sender asked for a wire transfer of payment for labor and materials on a large project costing almost a million dollars, and the recipient almost paid. This manager’s company has fallen victim to typosquatting, and they’re not alone.

“Cybersquatting” is when someone buys a domain name so they can pretend to be another entity or business. “Typosquatting” is a form of cybersquatting, and occurs when someone buys the misspelling of a domain name to get online traffic from those mistakes. It’s also sometimes called “URL hijacking.” 

A domain name is an entity’s web address, what people type in the navigation bar to visit their website. It might look like “localcharity.org,” or “localcollege.edu.” Email addresses typically follow a formula similar to “bob@businessname.com,” “amy@localcharity.org,” or “professormike@localcollege.edu.” 

When users mistype - or “fat finger” - in the wrong address, they may be taken to a fraudulent website that looks similar to the one they intended to visit. The website owners can use this deception to steal identity information, sell products, or misinform. They can also send email from the misspelled domain name to try and trick the recipient into thinking it came from someone inside the company being mimicked. Recipients might think they’re dealing with a trusted source when they’re really interacting with someone whose whole intent is to deceive. 

Typosquatting takes advantage of people who get in a hurry and don’t pay attention. The best way to avoid mistakes is to do the opposite. After typing in a web address and before hitting “Enter,” double-check the spelling. Once the online destination shows upon the screen, look for the padlock symbol and that the website address includes “https://”. 

Business owners: register common alternate spellings for your domain, including variations with plurals and hyphens. If you own all the similar domains, cybercriminals can’t use them against you. It’s also a good idea to monitor website traffic. A sudden drop off might indicate visitors are being diverted to a fake site through typosquatting.

 
Tags
Crime & Safety Consumer Handbook
Whitney Quick
Cape Girardeau native Whitney Quick is the former Regional Director of Better Business Bureau in Cape Girardeau, MO. She joined the Cape Chamber as Vice President of Programs and Leadership Development in May 2023. Quick is a graduate of Cape Girardeau Central High School and Southeast Missouri University where she majored in public relations.
See stories by Whitney Quick