
Ask Jack: What Do You Know About The Re-Emergence Of Typosquatting?

By Jack McCalmon, The McCalmon Group, Inc.

I recently received an email, asking me to visit a vendor's site, but it had a hyphen in the URL. I don't remember a hyphen. I deleted the email.  Did I do the right thing?

 

You did the right thing - when in doubt, never select an embedded link from an email or text.

It is hard to know, but the email you received may have been a social engineering scam called "typosquatting". In a typical typosquatting scam, criminals mimic the design of a popular website and register a URL nearly identical to that of the site mimicked.

The difference between the real URL and the imposter is often very subtle, like an added letter, often an "s"; an added word like "the"; an added punctuation mark like an apostrophe; or an added symbol like a hyphen. These changes often escape spell checkers and browser security. They can entrap those who make a typo when entering a URL or who simply believe the imposter URL is correct.

Typosquatting has been around for a while, but it is making a comeback. According to one investigation, "200 fake domains impersonating 27 popular brands to trick users into downloading Android and Windows malware" were recently discovered. (Source: https://www.tomsguide.com/news/these-misspelled-websites-are-spreading-nasty-malware-how-to-stay-safe)

To prevent being ensnared by typosquatting, you should avoid links in emails and texts. Instead, go to a trusted search engine and search independently of an email or text. Additionally, make sure you are typing in the correct URL when you are visiting a site. If the site is flagged as unsafe or looks off, even by a little bit, then do not enter any information.

The final takeaway is that typosquatting is a simple but effective method of deception, especially when embedded in an email from a source believed to be trustworthy.
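For readers who screen links for others, the check described above can be automated. The following is an added example, not part of the original article: it compares a link's host against a constructed list of trusted domains and flags the variations the article names (an added hyphen, an added "the", an added "s") plus any single-character change. The domain names and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the organization really uses.
TRUSTED = {"examplevendor.com", "example-bank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Undo the additions the article lists: hyphen, leading 'the', trailing 's'."""
    name = name.replace("-", "")
    if name.startswith("the"):
        name = name[3:]
    return name[:-1] if name.endswith("s") else name


def site_name(host: str) -> str:
    """Label left of the final suffix; assumes a one-label suffix such as .com."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def classify(url: str, trusted=frozenset(TRUSTED)) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    name = site_name(host)
    for good in sorted(trusted):
        real = site_name(good)
        if normalize(name) == normalize(real) or edit_distance(name, real) <= 1:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://www.examplevendor.com/pay", "https://example-vendor.com/pay"):
        print(link, "->", classify(link))
```

A result of "unknown" only means the host does not resemble a listed domain; it is not a verdict that the link is safe.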

 
