Stick with HTTPS, but Stay Vigilant
In the early days of the internet, website URLs started with HTTP, or the Hypertext Transfer Protocol, which essentially carries all data exchanged on the internet in plain text. It has gradually been replaced by HTTPS, which stands for Hypertext Transfer Protocol Secure.
You should always visit sites that have HTTPS in the URL and display a lock symbol right beside it. They offer a level of encryption HTTP websites do not have and are better suited to protect users from having their data stolen or encountering malware. Some browsers, such as Google Chrome, do not allow users to go on HTTP websites at all.
However, you should not automatically assume an HTTPS URL is 100% safe. Hackers can spoof the HTTPS protocol, so it’s vital you take a few additional precautions, such as checking the spelling of a URL.
An Introduction to “Typosquatting”
“Typosquatting” is a social engineering attack where hackers set up malicious websites that closely resemble a legitimate site’s spelling. The dummy site could have a typo in the URL, an alternative spelling or a different domain ending.
Should a person incorrectly spell a website in their web browser and land on one of these fake websites, they may not even know it. The imposter websites are often designed to look like perfect copies of the sites they are imitating. If the user does not realize they are on a fake site, they may end up entering sensitive data, such as financial information or usernames and passwords, which could be used in further attacks.
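The short Python sketch below is an added example, not something from BlackCloak. It compares a typed address with a personal list of trusted sites and flags the three lookalike patterns described above: a typo, an alternative spelling, or a different domain ending. The trusted list and every hostname in it are constructed sample values.

```python
# Added illustration: compare a typed hostname with a personal list of trusted sites.
# TRUSTED and every hostname used with it are constructed sample values.
TRUSTED = {"example-bank.com", "example-shop.com"}


def edit_distance(a, b):
    """Count single-character edits (insert, delete, replace, swap neighbours)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Two neighbouring letters typed in the wrong order count as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, trusted=TRUSTED, max_edits=2):
    """Return (verdict, trusted site it resembles or None)."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in trusted:
        return ("trusted", host)
    name, _, ending = host.rpartition(".")
    closest = None
    for site in sorted(trusted):
        site_name, _, site_ending = site.rpartition(".")
        # Same name, different domain ending (e.g. .co instead of .com).
        if name == site_name and ending != site_ending:
            return ("different-ending", site)
        # A few edits away from a trusted name: typo or alternative spelling.
        distance = edit_distance(host, site)
        if distance <= max_edits and (closest is None or distance < closest[0]):
            closest = (distance, site)
    if closest:
        return ("possible-typo", closest[1])
    return ("unknown", None)


if __name__ == "__main__":
    for typed in ["www.example-bank.com", "exmaple-bank.com",
                  "example-bank.co", "news.example.org"]:
        print(typed, "->", classify(typed))
```

An "unknown" result only means the address does not resemble anything on the list; it says nothing about whether the site is safe.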
Malicious Links & Scary Pop-Ups
Bad actors will also attempt to conceal malicious links or websites via short URLs. You commonly see these links used in spam text messages and on social media platforms. Because they are shortened, you can't be sure exactly where the link will lead you, and you could end up downloading malware or visiting a fake site as a result.
As if that hasn't scared you enough, consider how scary it is when a pop-up displays on your computer, phone or tablet screen saying your device is infected and you need to call the 800 number to fix it. Bad actors will buy online advertisement slots and serve up their malicious content to unsuspecting visitors.
Tools to Protect Yourself
- Bookmark your favorite websites to easily return and avoid mistyping the URL
- Don't click on unexpected emails and links
- Use antivirus software to protect against malware
- Slow down and give the URL you typed in a once-over before hitting enter
- Check to see if a site is legitimate or not using Google's Safe Browsing tool
- Inspect short URLs. Urlex created a tool to expand them again, which can help you spot a “typosquatting” attack.
- Use a VPN when on public WiFi
- Install an ad blocker to defend against unwanted pop-ups
Finally, as we approach the holiday shopping season, keep the above in mind when making purchases online. Don't input credit card details on sites that only offer HTTP. If you need to enter a credit card, consider using a one-time virtual card instead for that particular site. If you are unsure whether you should be visiting a website or not, email the Support Team here at BlackCloak and we'll be happy to provide guidance.