The proposed crackdown on fake news websites has shone a light on the use of typosquatting and cybersecurity risks for businesses from employees visiting fake news websites.
Over the past few weeks there has been considerable media attention focused on fake news websites and the harm that these fake news stories can cause.
Just as newspapers and news networks can earn big money from being the first to break a new story, there is big money to be made from posting fake news items. The problem is growing and it is now becoming harder to separate fact from fiction. 2016 has seen fake news stories hit the headlines – Both the problem and the republishing of fake news in the mainstream media.
Fake News Websites are a Serious Problem
This year’s U.S. presidential election has seen the Internet awash with propaganda and fake news posts, especially – but not exclusively – about support for Donald Trump and criticism of Hillary Clinton. Fake news sites such as the Denver Guardian (the periodical doesn’t actually exist) posted news about rigging of the election. Genuine news organizations notably picked up on a story about Denzel Washington supporting Trump; however, the original story was taken from a fake news site. Of course, these are just two of many hundreds of thousands of fake news stories published throughout the year.
All too often fake news stories are silly, satirical, or even humorous; however, they have potential to cause considerable harm and influence the public. Potentially, they could change the outcome of an election.
Consumers are now increasingly basing their opinions on fiction rather than fact. Fake news is nothing new of course, but the U.S. presidential election has brought it to the forefront and has highlighted the extent to which it is going on – on a scale never before seen.
Worldwide governments are now taking action to crackdown on the problem. Germany and Indonesia have joined the U.S. in the fight against fake news stories and there have been calls for greater regulation of online content.
Facebook has received considerable criticism for failing to do enough to prevent the proliferation of fake news. While CEO Mark Zuckerberg dismissed the idea that fake news on Facebook was influential in the election – “the idea that fake news on Facebook, which is a very small amount of the content, influenced the election in any way, I think is a pretty crazy idea.” However, last month he confirmed a new initiative to address hoaxes and fake news. Facebook is to make it easier for users to report fake news stories, third-party fact checkers will be enlisted, news websites will be analyzed more closely, and stories will be pushed down the rankings if they are getting fewer shares.
All of the attention on fake news sites has highlighted a tactic that is being used to spread fake news – a tactic that has long been used by cybercriminals to spread malware: Typosquatting.
Typosquatting and Cybersecurity Risks
Typosquatting – otherwise known as URL hijacking – is the use of a popular brand name with authority to fool web surfers into thinking a website is genuine. The fake news scandal brought attention to the tactic after fake news items were posted on spoofed news websites such as usatoday.com (usatoday.com.com) and abcnews (abcnews.com.co).
To the incautious or busy website visitor, the URL may only get a casual glance. The slightly different URL is unlikely to be spotted. This may only result in website visitors viewing fake news, although in many cases it can result in a malware download. Cybercriminals use this tactic to fool web surfers into visiting malicious websites where malware is automatically downloaded.
Typosquatting is also used on phishing websites and for fake retail sites that relieve visitors of their credit card information or other sensitive credentials.
Even fake news sites are a problem in this regard. They often contain third-party adverts – this is one of the ways that fake news stories generate income for the posters. Those adverts are often malicious. The site owners are paid to display the adverts or send visitors to malicious websites. Adverts are also used to direct visitors to fake retail sites – zappoos.com or Amazoon.com for example. Many fake news sites are simply used as phishing farms.
While consumers can be defrauded, businesses should also take note. Since many of these sites are used to either spread malware or direct users to malicious sites where malware is downloaded, fake news sites are a serious cybersecurity risk.
Governments and social media networks may be taking a stand against these malicious sites, but businesses should also take action. All it takes is for one user to visit a malicious site for malware or ransomware to be downloaded.
Fortunately, it is possible to reduce risk with a web filtering solution. Web filtering solutions such as WebTitan can be used to block access to websites known to contain malware. Malicious websites are rapidly added to global blacklists. If a web filtering solution is used, an employee will be prevented from visiting a blacklisted site, which will prevent a malware download.
Malicious adverts can also be blocked and prevented from being displayed. Malicious links on fake news sites can also easily be blocked. Users can also be prevented from visiting websites when clicking on links to the sites in emails or on social media websites.
For further information on the full range of benefits of WebTitan and to find out how you can sign up for a free 30-day trial of WebTitan, contact TitanHQ today.