Ask Jack: What Do You Know About The Re-Emergence Of Typosquatting?

By Jack McCalmon, The McCalmon Group, Inc.

I recently received an email asking me to visit a vendor's site, but it had a hyphen in the URL. I don't remember a hyphen. I deleted the email. Did I do the right thing?


You did the right thing - when in doubt, never select an embedded link from an email or text.

It is hard to know, but the email you received may have been a social engineering scam called "typosquatting". In a typical typosquatting scam, criminals mimic the design of a popular website and register a URL nearly identical to that of the site being mimicked.

The difference between the real URL and the imposter is often very subtle, such as an added letter, often an "s"; an added word like "the"; added punctuation like an apostrophe; or an added symbol like a hyphen. These changes often escape spell checkers and browser security. They can entrap those who make a typo when entering a URL or who simply believe the imposter URL is correct.

Typosquatting has been around for a while, but it is making a comeback. According to one investigation, "200 fake domains impersonating 27 popular brands to trick users into downloading Android and Windows malware" were recently discovered.

To avoid being ensnared by typosquatting, you should avoid links in emails and texts. Instead, go to a trusted search engine and search for the site independently of the email or text. Additionally, make sure you are typing in the correct URL when you are visiting a site. If the site is flagged as unsafe or looks off, even by a little bit, then do not enter any information.

The final takeaway is that typosquatting is a simple but effective method of deception, especially when embedded in an email from a source believed to be trustworthy.
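
For readers who screen links programmatically, the following added example (not part of the original column) compares a link's host against a list of vendor domains you already trust and flags near-matches of the kind described above: an added hyphen, an added "the", or a one-letter difference. The domain names, the allowlist, and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: vendor domains the reader already trusts (assumption).
TRUSTED = {"acmesupply.example", "payroll-portal.example"}

def hostname(url):
    """Extract the lowercase host from a link, with or without a scheme."""
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def skeleton(host):
    """Drop the additions the article lists: hyphens and a leading 'the'."""
    s = host.replace("-", "")
    return s[3:] if s.startswith("the") else s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, trusted domain it matches or resembles, else None)."""
    host = hostname(url)
    if host in trusted:
        return ("trusted", host)
    for good in sorted(trusted):
        a, b = skeleton(host), skeleton(good)
        # Same skeleton: only a hyphen or 'the' differs. Distance 1: one letter differs.
        if a == b or edit_distance(a, b) <= 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links.
    for link in ["https://www.acmesupply.example/invoices",
                 "https://acme-supply.example/invoices",
                 "http://acmesupplys.example/login",
                 "theacmesupply.example",
                 "https://news.example.org/story"]:
        print(link, "->", check_link(link))
```

A verdict of "unknown" only means the host does not resemble anything on the allowlist; it says nothing about whether the site is safe.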

