We've all done it at least once before - you head to a website but can't quite get there because you typed .om instead of .com. Seems like a harmless mistake, but a newly-resurfaced style of hacking called "typosquatting" is turning innocent typos into a serious threat.
Discovered by Endgame over the weekend, this typosquatting effort includes more than 300 popular domain names including heavy hitters like Netflix and Amazon. Only, instead of Netflix.com or Amazon.com, if you type .om and miss the "C" in "com," it can have devastating consequences.
For example, when the bug was discovered, one Endgame user accidentally typed in Netflix.om instead of Netflix.com to his Web browser. He was then redirected several times, eventually being asked to update Adobe Flash and install a program called Genieo.
Can you guess what happens next? Luckily, these malicious programs don't install by themselves, but if you click and download them, the installs will cripple OS X users with malware. Meanwhile PC users will see Web pages loaded and crammed with ads, pop-ups and scareware, aka ads that scare you into downloading fake anti-virus software and the like.
Don't click or install any of these links/downloads/ads!
So far, there's a list of around 300 domains that hackers have snatched up with .om to beware of, and they include domains in just about every area: Google, Old Navy, AOL, Dropbox, CNN, GoDaddy, LinkedIn, The Huffington Post, WordPress, Verizon, Wal-Mart, YouTube and hundreds more. Click here to see the full and growing list from Endgame.
When I typed in Netflix.om into the Chrome browser, I was prompted to download a random, third-party media player that you don't need one of those to view Netflix online. You can see the malware site below:
And, just for kicks, I decided to try Amazon.om too. In this situation I was prompted to take a survey.
Needless to say, don't click or download any of these links or take any of these surveys. In fact, you also might want to consider uninstalling Adobe Flash Player because it's riddled with security problems. In fact, Adobe itself has recommended you stop using it. So if you see something about the Adobe Flash Player needing an update, ignore it, because you've already uninstalled it.
You also might want to consider installing some pretty thorough security software so you don't even need to worry about threats like this is the first place.