Aggregator and social network Reddit.com is one of the most popular websites on the internet. In fact, the site touts itself as the “front page of the internet.” But that level of popularity has made it a target for fraudsters, and now, Reddit users, especially those with clumsy fingers, might be at risk.
Why? Because of a simple typo. Typing ‘www.reddit.co’ instead of ‘www.reddit.com’ could land you on a phishing website built to mimic the real Reddit in every way. Note the missing ‘m.’ Dot co (.co) is the country code top-level domain (ccTLD) for Colombia, and it’s also a very easy mistake to make when entering a URL.
Reddit.co has been registered for nearly a decade, since 2010, and in that time, it’s been used for a variety of standard typosquatter use cases such as porn cams and flash-based online games. However, when security researcher Alec Muffett accidentally visited the site recently, he discovered that it was now operating as an exact clone of the legitimate Reddit.
In all likelihood, this clone is being used as a man-in-the-middle attack to pull credentials from unwitting users who attempt to log in to their account on the phony site.
HEADSUP: Looking for infosec people at @Reddit. Website at (phishing?) domain reddit(.)co — using the Colombian TLD — was acting a pitch-perfect apparent MITM of the actual Reddit. Now returning 500 before I could screenshot it. Domain ownership is as-follows: pic.twitter.com/hpucMroumd — Alec Muffett (@AlecMuffett) February 5, 2018
After discovering the phony site, Muffett reported it to Google’s Safe Browsing division, who flagged the site as malicious 24 hours later.
What is Typosquatting?
Typosquatting is a form of URL-squatting in which a bad actor registers a domain that is very similar to a popular existing site and relies on user error (typos while inputting a website address) to attract traffic. Typically, these sites are registered in hopes of selling back to the brand-owner, but they have occasionally popped up as phishing schemes, as is the case here.
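As an added example (not from the article, and not Muffett's or Reddit's code), here is a small defender-side checker that enumerates the single-keystroke variants of a brand domain, the class of error behind reddit.co versus reddit.com, and flags matching hosts in proxy logs. The brand name, the log line format and the sample log lines are assumptions constructed for the example.

```python
# Added example (not from the article): flag hostnames that are one-keystroke
# typos of a brand domain, the class of error behind reddit.co vs reddit.com.
def registrable(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host  # drop leading 'www.'

def typo_variants(domain):
    """Map each single-keystroke variant of `domain` to its error kind."""
    variants = {}
    # Omission: 'reddit.com' -> 'reddit.co', 'redit.com', 'reddit.om', ...
    for i in range(len(domain)):
        v = domain[:i] + domain[i + 1:]
        if v != domain:
            variants.setdefault(v, "omission")
    # Adjacent transposition: 'reddit.com' -> 'rdedit.com', 'reddit.cmo', ...
    for i in range(len(domain) - 1):
        v = domain[:i] + domain[i + 1] + domain[i] + domain[i + 2:]
        if v != domain:
            variants.setdefault(v, "transposition")
    # Repetition: 'reddit.com' -> 'redddit.com', 'reddit.comm', ...
    for i in range(len(domain)):
        variants.setdefault(domain[:i + 1] + domain[i:], "repetition")
    return variants

def classify(host, brand="reddit.com"):
    """Return 'legitimate', the typo kind, or None if unrelated to brand."""
    name = registrable(host)
    return "legitimate" if name == brand else typo_variants(brand).get(name)

# Constructed proxy-log lines (timestamp, method, host, status); not real data.
SAMPLE_LOG = [
    "2018-02-05T10:00:01 GET www.reddit.com 200",
    "2018-02-05T10:00:09 GET www.reddit.co 200",
    "2018-02-05T10:01:30 GET redit.com 301",
    "2018-02-05T10:02:12 GET example.org 200",
]

def flag_suspicious(lines, brand="reddit.com"):
    """Return (host, kind) for each log line whose host is a typo of brand."""
    hits = []
    for line in lines:
        host = line.split()[2]
        kind = classify(host, brand)
        if kind and kind != "legitimate":
            hits.append((host, kind))
    return hits

if __name__ == "__main__":
    for host, kind in flag_suspicious(SAMPLE_LOG):
        print(f"{host}: possible typosquat of reddit.com ({kind})")
```

The same variant set can be fed to a registrar or passive-DNS lookup to learn which look-alikes are already registered, which is how a brand owner would have spotted reddit.co long before a researcher stumbled onto it.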
In the timeline of hacking tools and exploits, typosquatting qualifies as ancient—those of you who came of age in the early 2000s may remember a certain NSFW typosquatting site related to the White House.
But this incident goes to show that sometimes the old tricks can be just as effective as new ones—at least until a security researcher stumbles across your domain.
(h/t Naked Security)