Netflix.om is not the same as Netflix.com.
While it’s common for hackers to lure unsuspecting web users to sites with URLs that include commonly typed typos, more typosquatters are using Oman’s “.om” country suffix because an “.om” looks a lot like a “.com.”
In fact, there’s been a huge increase in registrations from Oman in the last month for this very reason.
Information security company Endgame published its research into malicious typosquatting, which is when people register web addresses like google.om or googgle.com and redirect those addresses to sites riddled with advertising, malware and adware.
Endgame compiled a list of 319 malicious web addresses that specifically use the .om domain. However, since releasing the list, many malicious web addresses anchored around very popular websites, such as amazon.om, netflix.om and yelp.om, no longer point to an actual website.
Some entries including yatra.om, baidu.om and adp.om point to advertising, but there is no saying that some of the other web addresses don’t host malicious content that can infect your computer. Endgame notes many malicious sites are now toned down to just host advertising.
“The goal of these pages is simply to generate as much advertising revenue as possible for the bad actors while trying to keep naïve users engaged and/or scared in order to keep them clicking more links and prolonging their sessions,” Endgame writes on its site.
To battle this issue, companies often grab a few similar web address names just in case people spell it incorrectly. For example, googel.com and gooogle.com both redirect to google.com. But web developers can’t snatch up every iteration of these typo-inspired addresses.
At the very least, awareness of this act seems to have malicious typosquatters scaling back their efforts, but with more “.om” suffixes on the rise, be cautious not to fall into a typo trap.