Making a typo while punching in the addresses of popular websites could lead to major headache for technology users.
Mistyping ".com" as ".om" on more than 300 well-known sites could put consumers at risk of getting routed to malicious sites that will try to install malware on their computer, phone or other digital devices, according to cybersecurity company Endgame.
The scam was discovered by one of its employees when he mistyped www.netflix.com as www.netflix.om taking him to a site that issued alerts recommending that he update his Flash software. That ruse, common on the Internet, is used to get people to inadvertently install malware on their computers.
"Luckily, the Endgamer recognized danger and retreated swiftly, avoiding harm," the company wrote on its blog. "Was this an isolated case or was it only a sample of a more prevalent and dangerous campaign? Not only is it a potentially common error on an extremely popular site, but our hypothesis was that it is unlikely limited to only Netflix."
Endgame also found evidence that the scam targets major companies by registering their names with the .om domain. Endgame predicts that the scheme is set to widen to out sites, which means consumers need to be on the alert.
The key to avoiding harm -- and this scam targets both Mac and Windows users -- is to resist the urge to click the popup to download the software, since consumers are prompted to click on the Flash updater to install the malware. It won't install by itself.
So what is .om? It's the country-specific domain name for Oman, and Endgame found that it was relatively easy to register a site with the domain. The company registered two domain names with .om, and was told it would have a two-month waiting period, which it could expedite for an additional fee. In one case, Endgame hit a snag when the registrar asked for proof it was associated with the brand the company claimed to represent, but the second domain name application is in progress.
"As we detailed, hundreds of malicious domains clearly not associated with the targeted brand have recently been registered. It is highly unlikely that purchasers had proof of ownership," Endgame said.
The security company says businesses can protect themselves by registering their brand names with the .om ending, thwarting "typosquatters" who might seek to profit from consumers' clumsy typing. The full list of fake .om sites includes brands such as Citibank, CBS (the parent company of CBS MoneyWatch) Gmail and Yelp.