Brian Krebs, a renowned cybersecurity journalist, wrote about a large-scale typosquatting campaign in his blog. “Typosquatting” refers to domains that mimic some of the most popular internet destinations. Criminals often use them to create malware or spamming websites. Krebs, together with cybersecurity expert Matthew Chambers, discovered an entire typosquatting network with over 1,000 names such as espn[dot]cm, aol[dot]cm, and itunes[dot]cm, all registered in the .cm domain, which is Cameroon’s ccTLD. The idea is quite simple: people mistype “com,” not hitting the “o” key hard enough and get “cm” instead.
Accessing dot-cm pages can have an unpleasant outcome, for example, numerous fake malware alerts popping up and blocking the device’s screen. It is worth noting that the scam only occurs one time, and after that the page will not be found again. This way criminals protect them from cybersecurity researchers: having fulfilled its goal, the pages go into sleep mode for some time.
Krebs and Chambers found out that all typosquatting domains had been registered by staff members of Media Breakaway, headed by Scott Richter, a convicted felon paying multimillion fines and a once self-proclaimed “spam king.” In addition, the experts managed to view the pages’ logs. The number of hits is impressive: almost 12 million in the first quarter of 2018. The logs also showed that typosquatting pages were accessed from NASA, the US House of Representatives, the US Department of Justice and the CIA among other users. Brian Krebs warns users that typing the name of the site directly into a web browser address bar may be rather risky. It is better to bookmark the websites visited most frequently and thoroughly check the links written in the address bar.
