The Typosquatting Crisis
After €24 million stolen by typosquatting a cryptocurrency …https://www.tripwire.com › Home › News
The sources linked above delineates the story of the prosecution of six individuals charged with theft. Though, their crime took place through the digital world using the method of, “typosquatting.” Through typosquatting, the five men and one woman created various websites and web pages that seem legitimate by forming fake URLS to look nearly identical to real and actual websites and web pages. For example, they manipulated websites such as “google.com” and “twitter.com” to appear as, “google.om” and “twiter.com.” On the artificial websites, the scammers designed the pages to look identical to the actual platforms and arranged for data to be transmitted back and forth between the true and fake websites so that users would be less likely to detect that the site they were interacting with was a scam. Through these hijacked pages, the criminals took advantage of users who mistyped popular URLs by stealing funds from investors, stealing login credentials, gain access to bank accounts, and install malware.
This article relates to the topics of “the web,” “hyperlinks,” “web pages,” and “strong connected component” presented in lecture. Particularly, regarding the criminals’ “twiter.com” site, their fake site sent information between itself and the actual twitter site, forming a “strong connected component,” since there are directed links between each link and webpage on “twiter.com.” Considering “twitter” is a website that contains various links, the links on the real page are susceptible to hijacking and re-direection to a malicious page (“twiter”). Also referencing the purpose of the creation of the web being to share more “public data,” it is crucial for users to separate, understand, and protect what they consider to be public or private data while on the web. The webpage and links on (especially) popular websites should be monitored and checked before clicking to ensure that the user will be directed to the intended webpage, and not a fake, malicious page.