Attention! One-Letter Typo Can Be a Hacking Victim

Type the name of the domain even if it's just one letter, it could be a phishing victim. (photo: dock. Pixabay)

JAKARTA - Cyber ​​attacks can target anyone, including Internet users who mistype a domain name even if it is only one letter.

Known as URL hijacking or typos, this social engineering technique involves adding or changing a single letter and eventually the user will visit the wrong website containing malware.

Due to this typo, hackers can copy images, fonts, and text to create malware websites that look like PayPal, Google Wallet, Microsoft Visual Studio, MetaMask, and other popular websites.

Bleeping Computer, assisted by security firm Cyble, found more than 200 domains that mimic popular websites for Android, Windows, cryptocurrency and stock trading apps, as well as subscription service apps.

The purpose of fake websites for apps is to steal credentials and infect your computer or phone with viruses. Any website that involves subscriptions or payments will have a more direct approach to taking the victim's money or cryptocurrency.

These fake websites are also used in all kinds of phishing campaigns because the common domain name is useful for tricking the victims. URL hijacking and phishing campaigns are nothing new, but they are on the rise.

Quoted by Digital Trends, Wednesday, October 26, the example Bleeping Computer provides is like a trustworthy website for the popular Windows text editor, notepad-plus-plus.org. With that website, the hacker simply added the letter S to the end of the notepad word to create a deceptive domain name.

To protect yourself, make sure Internet users look carefully at the domain name details displayed in the address box of the website you want to visit. Users cannot believe that they are on a real website based solely on appearances.