Security Alert: Fraudulent URLs Tricking Users At Record Levels

A recent report shows scammers using bogus URLs to send users to fraudulent websites in record numbers. The use of bogus URLs increased by 24% over 2018. Read on to see how they’re doing it.

Here is the general format of a web address: http://www.mywebsite.com/directories/filename.

In the example above, “mywebsite.com” is the real domain, called the Top Level Domain or TLD, because the slash immediately follows it. If you see anything else between the TLD and the slash, it is bogus.

Keeping the above example website in mind, let us look at some of the ways scammers try to trick us:

  • Website misspellings: http://www.mywebsit.com/sample/samplefile.html
    • Comment: at first glance the URL looks like our example, but the scammer left off the “e” at the end and misspelled the domain name. Scammers also use misspellings by dropping a letter (as above), switching two letters (mywbesite), using double letters (Myywebsite), etc.
  • Subdomain look-alikes: http://secure-mywebsite.com/sample/samplefile.html
    • Comment: “secure-mywebsite.com” is a completely different address than mywebsite.com. The hyphen between “secure” and “mywebsite” does not denote a subdomain; only a dot (.) separator does that. In this case, the scammer purchased a similar-looking domain. This type of fraud is called Typosquatting.
  • Using part of a legitimate site in the address: http://www.mywebsite.com.scamsite.com/sample/samplefile.html
    • Comment: this address includes the name of our sample site, but the additional dot (.) separator and second TLD tell you that the real domain is “scamsite.com”, not “mywebsite.com”. There should only be one Top-level Domain or TLD (i.e. .com, .gov, .edu, etc.).
  • Using an “@” symbol with IP address: http://www.mywebsite.com@123.456.78.111/sample/samplefile.html
    • Comment: if you click this link, you’d be taken to a site with an IP address of 123.456.78.111, not to “mywebsite.com.”
  • Using a letter combination look-alike: http://www.rnywebsite.com/sample/samplefile.html
    • Comment: Look closely. The scammer used an “r” and an “n” to represent the letter “m” in the “mywebsite.com” address. Other letter combinations can be used depending on the website name such as a double “v” in place of a “w” (i.e., vv) in an address. Look carefully!
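
The checks in the list above can be automated. The Python code below is an added example, not part of the original article: it extracts the host a browser would actually contact and labels the URL against one expected domain. The function names, the `trusted` parameter, and the assumption of a plain two-label domain such as mywebsite.com are ours.

```python
from urllib.parse import urlsplit

# Multi-letter look-alikes named in the article (rn -> m, vv -> w).
CONFUSABLES = (("rn", "m"), ("vv", "w"))

def registered_domain(host):
    """Last two labels of the host. Assumption: a two-label domain such as
    mywebsite.com; suffixes like .co.uk would need a public-suffix list."""
    return ".".join(host.split(".")[-2:])

def one_edit_apart(a, b):
    """True if a becomes b by one dropped, added or changed letter,
    or by swapping two adjacent letters."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        return len(diff) == 1 or (
            len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def classify(url, trusted="mywebsite.com"):
    """Label a URL relative to the one domain the reader expects to visit."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if "@" in parts.netloc:  # text before "@" is login info, not the site
        return "userinfo trick: real host is " + host
    domain = registered_domain(host)
    if domain == trusted:
        return "ok"
    if trusted in host:  # trusted name appears, but is not the real domain
        return "trusted name embedded: real domain is " + domain
    folded = domain
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    if folded == trusted:
        return "letter-combination look-alike"
    if one_edit_apart(domain, trusted):
        return "misspelling"
    return "unrelated domain"

if __name__ == "__main__":
    for url in ("http://www.mywebsit.com/sample/samplefile.html",
                "http://www.rnywebsite.com/sample/samplefile.html"):
        print(url, "->", classify(url))
```
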

Criminals use bogus websites to download malware onto visitors’ PCs. Once a PC is infected, the malware can find its way onto network drives, stealing confidential data, holding it for ransom, or both.

Whenever using the web, be extremely vigilant. Look closely at all URLs before visiting websites. One letter off, and you could be taken to a fraudulent site with dire consequences. Stay alert!
