The scam is called cyber-squatting or domain squatting, and it’s becoming increasingly common, according to a report published by Palo Alto Networks. The more popular a site is, the more tempting a target it makes for cyber-squatters. Social media platforms and global search engines are top of the hit list, and shopping and financial sites are also among the top targets.
How Does Cyber-Squatting Work?
The point of cyber-squatting is to steal personal information and financial details. The cyber-squatter picks a target, such as PayPal, Apple or a social media site, and buys up a domain name, or several, that are either misspellings of the original or that sound similar. They’re relying on people mishearing or mis-typing the names of sites they’re trying to visit.
A misspelled domain name isn’t always malicious: some small businesses use the tactic to drive traffic to their own website instead of a hugely successful competitor’s. There’s a strong chance an unusual spelling is a threat, though: Palo Alto found around one in three misspelled names were linked to malicious activity.
What Can Businesses Do About Cyber-Squatting?
Palo Alto Networks’ report advises businesses to keep an eye on their online traffic. If it suddenly decreases, there’s a good chance visitors are going somewhere else instead – and while that might mean a new competitor has come online, it might also be a sign of a domain squatter tricking potential customers into visiting their spoof site.
Another option is using a site like names.co.uk to check whether someone already owns variants of your domain.
How Can Individuals Protect Themselves Against Cyber-Squatting?
While cyber-squatting is a definite threat, there are a few simple precautions that help you to avoid it. The first is just to be careful when typing in website addresses into your browser. Double- and triple-check for any spelling errors before you actually navigate to the site. Keep in mind that currently trending topics might attract cyber-squatters: with a lot of people searching for COVID-19, for example, sites related to the pandemic become obvious targets.
Most importantly, check that any site where you’re going to enter your credentials or financial information is secure: the URL should start with “https” instead of “http”. Remembering this one guideline can help protect you from a number of online scams.