Typosquatting is a social engineering attack that involves convincing unwitting victims to visit a website with the wrong URL. This involves tricks used by scammers to trick people into visiting the wrong websites. When users visit this website, they believe that they are on the right one, and input their details.
For example, a crypto enthusiast may want to head to Binance.com, but end up on Blnance.com. Scammers rely on their potential victims making mistakes while typing the URL to a crypto-related website or clicking on the wrong link once a search engine result is displayed.
This type of attack occurs because hackers register domain names with misspelled names of popular crypto websites, and clone the websites to give a genuine feel to visitors. Visitors can be redirected to the malicious website when they type in the wrong URL into the browser or click a link sent to them in their email or social media accounts.
To further sell their hack attempt, the scammer may craft the misspelled domain website to look like the genuine crypto platform, convincing people to enter their log-in details or private key.
Typosquatting can occur when the user misspells the URL, uses the alternative spelling of the word, adds or forgets to add a hyphenated domain, and opts for a wrong domain ending.
There may be different outcomes when a user falls for this scam. Firstly, the scammer may have access to their private data that they can use to their advantage. Secondly, if the information leaked is the log-in details or private key, the funds or holdings in the wallet or account may be stolen. If the private keys of a wallet are stolen, it usually ends in the theft of the crypto in the wallet.