Clicking through search results to a website comes with the risk of landing on a spoofed page that is actually a phishing scam, but so does navigating directly by typing a URL into your browser. As reported by Krebs on Security, researchers at security firm Infoblox have identified a swath of scams on lookalike and parked (or placeholder) domains. If you end up on one of these websites, you’ll be directed not to the trusted page you’re expecting but to scam content, including scareware and other malware.
Lookalike domains contain malicious content
This scam capitalizes on you navigating directly to a website by typing the URL into your browser’s address bar. If you accidentally mistype either the top-level domain (TLD)—.gov or .com, for example—or the second-level domain (SLD), which is the company name (Google or Amazon), you could land on a page that has been commandeered by threat actors for malicious purposes.
In some cases, these may be typosquats, meaning cybercriminals have registered domain names that look nearly identical to trusted ones. In others, they may be real domains that have expired and are simply advertising placeholders that spread malware.
Infoblox researchers found that visiting one of these sites often initiates a chain of redirects, through which threat actors profile visitors using data like IP geolocation, device fingerprint, and cookies. That means you don’t necessarily need to click any links on the parked page to be served malicious content. They note, though, that parked websites were only malicious if visited from a residential IP address and benign if accessed using a VPN or a non-residential IP.
How to avoid parked domain scams
One common piece of advice for avoiding phishing websites is to type trusted URLs directly into the address bar rather than clicking through search, as threat actors will try to exploit search results, including by placing paid ads, to redirect you to malicious domains. This can still be a safe way to get to your destination, but you should check your spelling of both TLDs and SLDs carefully, as small errors could land you on a scam site.
I’ve covered similar website trickery like homograph attacks, which use lookalike characters in URLs to direct you to phishing sites that, on the surface, appear to be legitimate domains. Unless you inspect the address very carefully, you may not catch the scam.
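For defenders, here is an added example (not from the original article or from Infoblox) of a check that sorts a typed hostname into the cases described above: a wrong TLD, a near-miss SLD, or a homograph. The allowlist, the short lookalike-character table, and all function names are assumptions made for this illustration.

```python
import unicodedata

TRUSTED = ["google.com", "amazon.com", "irs.gov"]  # constructed allowlist
# Small, incomplete sample of Cyrillic letters that render like Latin ones.
LOOKALIKE = str.maketrans("\u0430\u0441\u0435\u043e\u0440\u0456\u0455", "aceopis")

def decode_label(label):
    """Decode one punycode (xn--) label; leave anything else as typed."""
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return label  # malformed label: keep it as typed

def skeleton(name):
    """Fold lookalike characters to ASCII so homographs compare equal."""
    folded = unicodedata.normalize("NFKD", name.translate(LOOKALIKE))
    return "".join(ch for ch in folded if ord(ch) < 128)

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, or swap adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j - 1] + (ca != cb), prev[j] + 1, cur[j - 1] + 1)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(typed):
    """Return (verdict, trusted domain being imitated or None)."""
    # Naive: keeps the last two labels only, with no public-suffix list.
    name = ".".join(map(decode_label, typed.lower().rstrip(".").split(".")[-2:]))
    if name in TRUSTED:
        return ("trusted", name)
    folded = skeleton(name)
    if folded != name and folded in TRUSTED:
        return ("homograph", folded)
    sld, _, tld = folded.rpartition(".")
    for good in TRUSTED:
        good_sld, _, good_tld = good.partition(".")
        if sld == good_sld and tld != good_tld:
            return ("tld-typo", good)
        if tld == good_tld and osa_distance(sld, good_sld) == 1:
            return ("sld-typo", good)
    return ("unrelated", None)
```

A production version would replace the two-label split with a public suffix list and the sample table with the full Unicode confusables data.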
