IC3 logoAccording to a recent article in The Miami Herald, the FBI’s Internet Crime Complaint Center (IC3) has noticed a new trend in cybercrime. New scams are targeting popular social networking sites by using domain names that are close typos of the social network site’s domain name to point Internet users to a similar-looking website with a series of survey questions. Once users answer the questions, they are offered a choice of three gifts, such as gift cards or laptops, but when they click on the gifts, they are redirected to another site with more survey questions. As the users keep answering and clicking, they are giving up valuable personal information like name, address, email and phone number, without ever actually receiving the gifts promised. One example of this type of scheme is Faceook.com (notice the missing B). Check out the screenshot here:

 

Facebook fake login page phishing

The big problem here is that Internet users did not recognize that the domain name was a typo. Close typos coupled with a website that looks very similar to the legitimate site makes for a tricky combination – Internet users often do not realize the error until it is too late.

The best way for social networks, or any other business, to stay ahead of scams like this is to proactively register and recover common typo variations of their domain names. Those that receive significant amounts of traffic are most likely the biggest potential risk, because users are more likely to type them into the address bar. Brands can stay ahead of squatters by determining which typos could pose the biggest threat and registering or recovering them before scammers can use them to inflict harm on or steal information from unsuspecting Internet users.