14 DAY TRIAL // Microsoft Edge is a browser that’s constantly evolving, and one of the most recent updates comes to address a problem that many developers have been ignoring for way too long.
URL typos are being used by malicious actors out there in the most awful way, as they can be used for nefarious practices, such as deploying infected payloads on users’ devices.
Here’s why URL typos are so dangerous.
First and foremost, it’s important to understand what this whole concept means. Every once in a while, when we type a website address in the URL bar of the browser, the text we input comes with typos we don’t notice at first glance. For instance, instead of Microsoft.com, we might actually type microsofft.com, in which case the browser points us to a completely different website.
Cybercriminals out there have been using this problem for their own nefarious purposes, so the content hosted at microsofft.com might actually include malware supposed to help them exploit our devices. The way they do this can be anything from simple approaches, such as asking visitors to download a crafted package, to complex tricks that include phishing scams.
Is there any way to remain protected against these typos? First of all, we should always double-check that the URL is correct when we provide the address manually. Obviously, this doesn’t necessarily happen if we are in a rush, in which case we need to pay attention to the content the website serves in the first place.
However, Microsoft has developed website typo protection, a new feature that automatically detects these typos and prevents users from being redirected to websites that may actually serve malicious content.
“Website typo protection complements the Microsoft Defender SmartScreen service to defend against web threats. Microsoft Defender SmartScreen helps protect users against websites that engage in phishing and malware campaigns,” Microsoft says.
“Typosquatters engage in phishing activities too, but there are only so many ways in which one can mistype a brand. Malicious actors know this and choose to host less aggravating content on “typosquat” URLs to avoid detection. Typosquatting site owners profit on users’ mistakes by taking them to advertising sites, affiliate links, false products, fake search engine results, or in some cases by redirecting users into parked domains reserved for very short-lived phishing campaigns.”
The new feature has been developed to be as straightforward as possible.
When you type an address in the URL bar, Microsoft Edge performs an automatic check in the background to figure out if you’re being targeted by a typosquatting site or not. If this is the case, the browser displays a message to let you know there might be a typo in the URL you just typed.
“Microsoft recommends you double-check the address. Malicious actors often own misspellings of popular sites to try to trick you into buying false products or revealing personal and financial information,” the warning reads.
While Microsoft Edge tells users to double-check the address for typos, the browser also offers them the option to bypass the message or go to the correct website. In this case, Microsoft Edge would point users to Microsoft.com instead of microsofft.com.
However, supposing that microsofft.com is an actual website and you wanted to load it, dismissing the message let you bypass the warning and content the browsing normally.
This new feature is not linked with a specific platform, so it’s available on all platforms where Microsoft Edge is currently available for download. Needless to say, it’s enabled by default in the browser, so there’s nothing that you need to do to make sure you are protected against typosquatting.