Be very careful when you click on a link in an email: some Internet addresses are deliberately faked to lead you to fraudulent sites in order to mislead and defraud you!

You may have already had this bitter experience: after typing the address of a very popular site into the address bar of your web browser, you landed on a site of dubious authenticity, to say the least. The visual identity seems to be the same as that of the site you were looking for, as do the products or services offered, but small details make you uncomfortable. You are right: you are on another website, an imitation intended to deceive you. In fact, you probably made a typo or a spelling mistake, or reversed, added or forgot letters, and you came across a URL close to the genuine one, created by a cybercriminal to catch those who make a careless error. This is simply what we call typosquatting.

The typosquatting technique consists of imitating the URL of a site, preferably a well-known one, by introducing subtle differences in its composition. It relies on confusion or simple human error, such as a typo (gogle.com instead of google.com, indeeed.fr instead of indeed.fr), a spelling error (amazonne.fr instead of amazon.fr), the addition or removal of a hyphen (iledefrance.mobilites.fr instead of iledefrance-mobilites.fr), a wrong domain extension (impots.gouv.com instead of impots.gouv.fr), etc. These are all small errors that can go unnoticed if you are not very attentive.
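The error classes above can be checked mechanically. The following is an added example, not code from the article: it compares a domain against a defender-maintained watchlist (an assumption, as are all function names) and labels it as a wrong extension, a separator change or a misspelling, using the genuine/fake pairs quoted in the article as inputs.

```python
# Added example: flag look-alike domains using the error classes described above.
# WATCHLIST is an assumption (a defender-maintained list); its entries and the
# sample inputs are the genuine/fake pairs quoted in the article.
WATCHLIST = ["google.com", "indeed.fr", "amazon.fr",
             "iledefrance-mobilites.fr", "impots.gouv.fr"]

def split_tld(domain):
    """'impots.gouv.fr' -> ('impots.gouv', 'fr'), splitting on the last dot."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld

def squash(name):
    """Drop hyphens and dots so separator changes compare equal."""
    return name.replace("-", "").replace(".", "")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, watchlist=WATCHLIST, max_edits=2):
    """Return (verdict, watchlist domain it imitates or None)."""
    cand = candidate.lower().strip(".")
    if cand in watchlist:
        return ("genuine", cand)
    c_name, c_tld = split_tld(cand)
    for ref in watchlist:
        r_name, r_tld = split_tld(ref)
        if c_name == r_name:  # same name, other extension: impots.gouv.com
            return ("wrong-extension", ref)
        # Same letters, different hyphens/dots; also a lost dot after "www".
        if c_tld == r_tld and squash(c_name) in (squash(r_name), "www" + squash(r_name)):
            return ("separator-change", ref)
    # Closest watchlist name, whatever the extension; a small max_edits keeps
    # short, unrelated names from matching.
    scored = [(osa_distance(c_name, split_tld(r)[0]), r) for r in watchlist]
    dist, ref = min(scored, default=(max_edits + 1, None))
    return ("misspelling", ref) if dist <= max_edits else ("unknown", None)
```

An "unknown" verdict only means the domain resembles nothing on the watchlist; it says nothing about whether the site is trustworthy.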

The fake address leads to a fraudulent site that copies the original, using the official logo and visual identity of the real organization. It is a way to trick you into entering personal information, such as your username, password, email address or, worse, your banking details. These sites may also be well-optimized pages containing ads or pornographic content, which generate high revenue streams for their owners. Sometimes they also harbor malware, such as ransomware, with which the cybercriminal encrypts your personal files and demands a ransom to restore access, or Trojan horses, intended to infect your device.

Hackers can also use typosquatting for their phishing campaigns. They pretend to be an official organization such as Social Security, the Tax Center or the Family Allowance Fund, and send you a message by email or SMS inviting you to update data or identify yourself in order to resolve a technical problem or regularize a situation. To do this, you are invited to click on a link leading to a fraudulent site. Thanks to typosquatting, its URL is very close to the official address, which can give you confidence and make you lower your guard. Here are some examples of deceptive Internet addresses whose domain names have already been registered by hackers in the past in order to set up scams:

  • amanzon.fr
  • almeli.fr
  • amleli.fr
  • applle.fr
  • applr.fr
  • cdiscounte.fr
  • chronopostfr-suivi-colis.fr
  • colisssimo.fr
  • spaceclientcanl.fr
  • fenac.fr
  • free-box.fr
  • gogole.fr
  • google.fr
  • jacquietmichel.fr
  • lebomcoin.fr
  • labanquepotale.fr
  • lacaf.fr
  • wwwimpotsgouv.fr
  • wwwlaretraite.fr

In short, you understand the principle! To avoid being fooled, remember to always check the site address and pay attention to its spelling before clicking on it. Do not hesitate to bookmark the sites you visit most frequently to make sure you don't make any mistakes. Otherwise, prefer to use a search engine rather than typing the address by hand. If you receive a link by SMS or email, go to the official address yourself, without clicking on it. If you ever have the slightest doubt, check that the visited site is secure and authenticated by an SSL certificate: if there is no small padlock in front of the URL and it begins with "http" and not "https", the site is not secure and may be fraudulent. A padlock alone does not prove that a site is genuine, so keep checking the spelling of the address as well. Finally, don't forget to report any fraudulent messages to the Signal Spam and Pharos services.
