A one-letter typo can leave your computer or phone more vulnerable to malicious software, a cybersecurity firm warns.
Specifically, typing “.om” instead of “.com” at the end of a website address is an increasingly risky error. Ill-willed cyberspace denizens are taking advantage of the “.om” website suffix, according to Endgame, a firm based in Arlington, Virginia.
Endgame’s Malware Research and Threat Intelligence team investigated this type of security ploy — known as “typosquatting” — after an Endgame employee’s typo led him to the website “netflix.om.”
The team has identified more than 300 other “.om” websites that appear suspicious and has made a public listing of those addresses to help you avoid them.
Here’s what happened to the Endgame employee who accidentally visited “netflix.om,” as described in a recent Endgame blog post:
His browser was immediately redirected several times, and eventually landed on a “Flash Updater” page with all the usual annoying (and to an untrained user, terrifying) scareware pop-ups.
The employee knew to leave the site immediately and not click on any of the pop-ups or other malicious content, but doing so could have led to malicious software being installed on his computer or various other types of attack, Endgame reports.
Website addresses ending in “.om” are available for registration because that is the designated suffix for websites based in the Middle Eastern country of Oman, just as “.us” and “.uk” are designated for websites based in the U.S. and United Kingdom, respectively.
In a blog post update yesterday, Endgame reports that since it first warned of “.om” typosquatting last week, a large percentage of the website addresses ending in “.om” had been updated such that they only deliver ads when someone visits those websites on a Macintosh computer.
The firm does not know why that change was made and notes that “.om” typosquatting “remains concerning, as the identified sites remain active and could be switched back to serving more malicious content at any time.”
Have you run into any issues lately as a result of mistyping a website address? Let us know what happened below or on Facebook.