Could Typos Compromise Your Business’ Network Security?
How a few wrong keystrokes may lead your business to ransomware infections, data breaches and serious downtime if you’re not careful.
Hackers understand the keystroke errors users commonly make and are starting to focus more on them. Many popular website URLs (Google, Facebook, iTunes, CNN) are currently being targeted, and sloppy typists are being preyed upon.
If you recall, a few weeks ago we discussed how your team may be wasting a serious amount of their work time online. Well, your team might be inadvertently going to time-wasting websites, or even sites they need for work, and if they’re not careful, they may be opening your business up to major IT security woes.
Security experts are tracking a growing trend among cyber thieves: creating malicious websites whose URLs closely mimic the site a computer user intended to type in. The majority of these criminals are betting that a good number of folks, possibly including many in your workplace, will inadvertently type a ‘.cm’ instead of ‘.com’ at the end of a URL.
The dot-cm phenomenon has started to catch on like wildfire, with the 1000 most popular internet destinations already shadowed by malicious dot-cm counterparts of their dot-com addresses. I don’t recommend testing whether your go-to sites have a tricky and malicious counterpart, but be forewarned that criminals are keeping track of where business people tend to go online during the work day and are creating malicious landing pages that may lead to cyber hacks, especially ransomware attacks.
In the past few weeks, this trend, dubbed “typosquatting,” has been hitting individuals and businesses across the United States. While dot-com addresses are a very popular target right now, it is unclear if hackers will stop there. As they accrue data on how users mistype popular sites, experts believe that typosquatting may grow in popularity, along with a bigger risk of ransomware infections on your business network.
While cybercriminals are targeting popular websites globally, they seem to have homed in on the US as their biggest target. It looks like criminals are focused on taking advantage of this trick, along with many other cyber tactics already in their large arsenal, to break into business networks and ransom or exploit sensitive information for big payouts.
Just to put things into perspective, the dot-cm typo has taken nearly 12 MILLION victims in the first quarter of 2018 alone. Based on those estimates, we are expecting at least 50 MILLION individual attacks per year.
One thing is certainly clear: the dot-cm scam will make its operators a hefty payout by the end of 2018.
How can you protect your employees at work?
Blocking websites with a dot-cm? While you might be able to ward off many malicious attacks in the short term by blocking websites that end in ‘.cm’ on your network, in all likelihood next month’s typosquatting security issues will evolve to an entirely unexpected new set of mistyped URLs.
Get rid of those fat-fingered team members? Not sure that singling out those of us with a tendency to mistype words is a good solution to this scam. But making folks aware of the implications of mistyping URLs could help them take internet surfing a little more seriously. One of the biggest issues with the dot-cm scam is that most of us have no clue it exists!
And most of us would normally not give a second thought to mistyping a URL: no harm in such a little mistake. But once people are aware of the issue, they may think before they hit that return key.
Bookmark your pages? If you are normally in the habit of navigating directly to websites by typing in a URL, this might be a risky practice. If you’re using a site regularly, consider bookmarking it instead. In particular, focus on the sites you use the most and sites that require login credentials, such as banking and financial institutions or e-commerce.
A firewall to ward off this traffic? Consider a firewall that helps identify malicious sites. While many older firewalls may just block specific websites (most of us likely have a list of sites off the top of our heads we wouldn’t want employees to land on during the work day), smarter, more modern firewalls can actually distrust websites based on specific malicious characteristics. One of the easiest ways to check whether your firewall will protect your business from scams like typosquatting is to get a third-party security assessment; we actually offer this free of charge as a service to Philadelphia-area businesses.
Understand your network security? Know where your team tends to go online, and confirm that you have patched and updated ALL of the computers on your network. Know what your network activity looks like on an average day so you can spot malicious activity when it comes in. Having a good understanding of what your network looks like will help you understand your risks in the event a typosquatting incident befalls someone on your staff. The easiest way to figure out whether your network is secure and that you’re not risking your business is to get a free network security assessment.
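To make the points above about blocking ‘.cm’ alone and about knowing your own network activity concrete, here is an added example (not part of the original post) that scans DNS or proxy log lines for lookups that are a swapped ending or a single keystroke away from sites your team actually uses, so it also catches mistypes other than dot-cm. The watchlist, the log format and the sample lines are constructed assumptions.

```python
# Added example: flag likely typosquat lookups. WATCHLIST is an assumption.
WATCHLIST = ["google.com", "facebook.com", "cnn.com"]

# Constructed sample log, assumed format: "<timestamp> <client> <domain>"
SAMPLE_LOG = """\
2018-04-02T09:14:03 10.0.0.21 google.com
2018-04-02T09:14:09 10.0.0.34 facebook.cm
2018-04-02T09:15:41 10.0.0.21 gooogle.com
2018-04-02T09:16:02 10.0.0.50 www.cnn.com
2018-04-02T09:17:30 10.0.0.34 example.org
"""

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, watchlist=WATCHLIST):
    """Return (reason, intended_site) for a lookalike, else None."""
    d = domain.lower().rstrip(".").removeprefix("www.")
    if d in watchlist:
        return None                      # exact match: the real site
    dname, _, dtld = d.rpartition(".")
    for good in watchlist:
        name, _, tld = good.rpartition(".")
        if dname == name and dtld != tld:
            return ("tld-swap", good)    # e.g. .cm typed for .com
        if edit_distance(d, good) <= 1:
            return ("near-miss", good)   # one keystroke off
    return None

def scan(log_text):
    """Return [(client, domain, reason, intended_site)] for suspicious lookups."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()             # malformed lines are skipped
        if len(parts) == 3 and (verdict := classify(parts[2])):
            hits.append((parts[1], parts[2]) + verdict)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits are leads to review rather than verdicts, since a legitimate site can share a name with a watchlist entry under a different ending.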
Is your business doing everything it can to prevent the next big ransom attack?
Criminals are hungry. They’re not going to take a lunch break if it means forfeiting an opportunity to break into your network and ransom your data. Contact us TODAY for a free IT security assessment to make sure you have all of your ducks in a row!