I don’t know about you, but I love Christmas in Australia, long summer days, the sound of cicadas at night, seafood on Christmas day, or traditional ham with roasted veggies. I just love the festive season. And I must confess that I love Christmas shopping. Yep, I’m one of those people! Once I’ve put some time and thought into what gift I’d like to give to my family members, I go online and surf for the perfect bargain, or simply to find out which retailers have the gifts I want.

But in my haste to type in an address I do make typos, and I’ve just read a report that tells me one little typo like missing the “o” in “.com” could land me somewhere I don’t want to be! This seemingly innocent misspelling in domain names is actually a criminal scheme to direct you to scam websites.

In the past, McAfee released a report that revealed .vn as the riskiest country code domain name. In 2024, the winner was .su, which stands for the former Soviet Union. Although the country is defunct, scammers continue to use this domain for phishing attacks that spread viruses and other nasties designed to cause havoc on your home computer. Certainly not what you need this Christmas. Australia’s domain “.au” is relatively safe in comparison to the rest of the web, but it certainly doesn’t mean we’re safe while surfing the wild, wild web.

Another 2024 report showed that .com, aside from being the most popular top-level domain, is now also the most abused one used in typosquatting.

As you go online to shop for holiday presents, make your banking payments, or book your holiday travel, you’ll need to be more alert about typing those domain names on the address bars to avoid being a victim of typosquatting. Here’s a more detailed look at this scam, its dangers, and what you do if you accidentally end up on a dangerous site.

What is typosquatting?

Typosquatting is a cybercriminal tactic where attackers register domain names that closely resemble legitimate websites, specifically targeting common typing mistakes you might make when entering URLs. Google is the top impersonated brand, being misspelled online as goggle, closely followed by Microsoft as microsfot, and Amazon as amaz0n.

Malicious actors take advantage of the small slip-ups we all make, such as missing a letter, swapping characters, or hitting the wrong key, to redirect you to fake websites that steal your usernames, passwords, and personal information. Others may automatically download malware onto your device.

According to research in 2024, internet services are the most targeted names in typosquatting (29.2%), followed by professional services (26.09%) and online shopping websites (22.3%). The consequences can include identity theft, financial fraud, compromised accounts, and infected devices that put your entire digital life at risk.

Factors that enable typosquatting

Typosquatting thrives because it sits at the intersection of human habits and internet mechanics. Cybercriminals are banking on these small human blunders to direct you to their malicious look-alike domains, using visual tricks such as similar-looking characters or misleading subdomains. Throw in search ads and SEO that push these sites in front of us even without a typo, and you get a perfect storm for typosquatting. Once you understand the factors that allow typosquatting to flourish, you can avoid falling victim to it.

• Human error. The most common cause is simply how we type and interact with devices. We could be typing hurriedly, multitasking, or distracted, and using small mobile screens where errors can be easily made. Miss a letter, swap characters, or rely on predictive or autocorrect spelling, and you could end up on a compromised website.
• Visual deception. Cybercriminals create domains that look almost identical to legitimate ones using visual tricks such as replacing characters in a domain name. They also use lookalike subdomains that appear official, such as “secure-login.amazon-customer.com,” which isn’t Amazon at all.
• Domain system vulnerabilities. The global domain name system’s complexity creates multiple avenues for deception. Alternative top-level domains (TLDs) like .cm, .co, or .net can be registered to capture traffic meant for .com sites, creating more opportunities for lookalike domains that can bypass traditional security filters.
• Search result manipulation. Through search engine optimization tactics and paid advertisements, cybercriminals can position fraudulent sites prominently, increasing the likelihood you’ll click on them even though you haven’t made a typing error.

Common typosquatting tactics

Typosquatters use a playbook of tweaks built around the typing mistakes people make. The goal is always the same: catch you in a moment of hurry and usher you to a fake page before you notice anything’s off. Being aware of these common typosquatting techniques will teach you to recognize when you might be in danger of visiting a fake website.

• Keyboard-adjacent typos: These tactics exploit common typing mistakes when your fingers mistakenly hit nearby keys, such as typing “gnail.com” instead of “gmail.com”. Cybercriminals register these predictable mistyped domains to capture your traffic.
• Missing or extra letters: Attackers register domains with one letter removed or added to popular sites. You might type “amazo.com” or “amazoon.com” in your mad rush to shop online, landing on a fake site.
• Swapped characters: This involves switching the order of letters in familiar domains. Instead of “paypal.com,” you could accidentally visit “payapl.com” or “paypla.com.”
• Wrong top-level domains (TLDs): Scammers register the same domain name with different TLDs, which could host malicious content, including phishing pages. You might mean to visit “banking.com” but end up at “banking.net” or “banking.org.”
• Subdomain impersonation: These attacks use legitimate-looking subdomains to fool you. A URL like “secure-update.microsoft-login.com” might look official, but the actual domain is “microsoft-login.com,” not Microsoft’s real site.
• Homoglyph attacks: These use visually similar characters from different writing systems or symbol sets. In certain fonts or symbols, the letters “rn” together can look like “m,” so “arnazon.com” might appear as “amazon.com.” International characters and symbols make these attacks particularly deceptive.
• Brand + keyword combinations: Attackers combine popular brand names with common keywords to create convincing fake domains. Sites like “apple-support.com,” “google-security.com,” or “microsoft-updates.com” aren’t official company sites but can appear legitimate enough to trick you into entering personal information.

The dangers of typosquatting

Typosquatting puts you at risk in several ways, one of which is that cybercriminals can steal your personal information through convincing phishing pages that look identical to legitimate sites. You might unknowingly enter your login credentials, credit card details, or other sensitive data directly into their hands.

Malware downloads represent another significant threat. Some fraudulent sites automatically install harmful software onto your device, potentially giving attackers remote access to your computer or mobile device. Payment fraud is particularly concerning when typosquatting targets banking or shopping websites, as you could complete transactions that go straight to scammers instead of legitimate businesses.

Your privacy could also suffer when malicious sites steal cookies and session data, allowing criminals to impersonate you on legitimate websites. They can access your accounts, view your browsing history, and monitor your online activities without your knowledge.

Immediate action plan if you end up on a typosquatted site

1. Stop entering any information immediately. The moment you realize you’ve landed on a suspicious site, don’t move a finger to enter passwords, personal details, or payment information. Typosquatted sites are specifically built to capture this data, so your first defense is simply stopping any interaction with the page.
2. Close the browser tab or window right away. Don’t click any links, buttons, or ads on the suspicious site. Quickly close the tab or window to prevent any potential malware downloads or further data collection. If your browser warns you about leaving the page, ignore the warning and close it anyway.
3. Clear your browser data for that specific site. Go to your browser’s settings and clear the cookies, cache, and browsing data related to the suspicious domain you just visited. Google recommends this step to remove any tracking elements or malicious cookies that may have been installed during your brief visit.
4. Run a comprehensive security scan on your device. Use your antivirus software to perform a full system scan immediately to detect any malware that might have been downloaded while you visited the typosquatted site. Consider downloading a reputable solution like McAfee+ for complete protection.
5. Check your recent account activity on major services. Log into your banking, email, and social media accounts to review recent activity, login attempts, unauthorized access, and suspicious changes. The Cybersecurity & Infrastructure Security Agency recommends monitoring account activity after potential security incidents.
6. Change passwords and enable multi-factor authentication. If you entered any credentials on the suspicious site, change those passwords immediately across all your accounts and enable two-factor authentication where possible to provide extra protection.
7. Report the suspicious domain. To protect others, report the fake website to your browser provider (Chrome, Firefox, Safari) and to the Anti-Phishing Working Group.

Protect yourself against typosquatting

So here are my tips on how to stay safe while surfing:

Tip #1: Apply sunscreen

Well, the number one tip goes without saying, Slip, Slop, and Slap when you’re lapping up the glorious Aussie sun, and don’t forget to reapply!

Tip #2: Update your security software

I only have one word for you: Antivirus!

Now I’ve got to admit, since starting out on this quest as Cybermum, I’ve learnt a few things, and I think one of the most important lessons has been that you can never have too much protection when it comes to your home computer. I liken having up-to-date security software to reapplying your sunscreen. Just because you loaded some security software a couple of years ago, doesn’t mean you’re safe now! You’re bound to get burnt unless you reapply, so for your computer, this means update! Check out McAfee Total Protection.

Tip #3: Double-check before hitting enter

If you can end up in Cameroon surrounded by infected sites simply by missing an “o,” it’s certainly worthwhile checking your spelling before hitting the enter key!

I know I find it difficult to determine when a site is safe or not. I certainly know that my kids wouldn’t have even given it a second thought until I loaded McAfee’s WebAdvisor on our home computer. It’s pretty cool and it’s been really easy for my kids to understand as it provides a traffic light system of red, yellow and green icons to indicate a website’s risk level, so I know when my kids are surfing the net this summer they’ve got their own little traffic warden steering them away from sites that could have seen them surfing in Cameroon instead of Australia!

Aside from these key tips and the immediate steps listed above, I’ve rounded up a few other reminders to make sure you end up on a legitimate website and keep your device and information safe:

• Bookmark your trusted websites. Create bookmarks for your frequently used banking, shopping, and social media sites. This way, you can click directly on the bookmark instead of typing the URL and risking an error that could take you to a malicious site.
• Type URLs directly in your browser’s address bar. When accessing sensitive accounts such as online banking or shopping, always type the website address directly into your browser’s address bar rather than using search engine results, which might include malicious lookalike sites that aim to capture your information.
• Double-check domain names and extensions carefully. Before entering any personal information, take a moment to verify the exact spelling of the website address and its domain extension (.com, .org, .gov). Look for subtle changes such as extra letters, hyphens, or different extensions that signal a fake site.
• Enable your browser’s built-in security features. Turn on safe browsing warnings in Chrome, Firefox, Safari, or Edge to help detect and warn you about potentially dangerous websites.
• Consider secure DNS settings. Consider switching to secure DNS services such as Cloudflare (1.1.1.1) or Google DNS (8.8.8.8), and enable HTTPS-only mode in your browser to ensure encrypted connections to websites.
• Never click links in unexpected emails or text messages. In 2024, phishing continued to be the top method that scammers used to contact people and direct them to typosquatted domains. So instead of clicking links, type the website address directly or use your bookmarks.
• Trust your instincts. If a website looks different than usual, has unusual pop-ups, asks for unexpected information, or just feels strange, close your browser tab or window immediately. Trusting your instincts could be one of your best defenses against online threats.

Final thoughts

Typosquatting may seem like a small concern, but knowing its risks of typos can make a big difference in your online safety. Simple typing mistakes in domains can redirect you to malicious sites designed to steal your information or infect your devices.

To avoid becoming a victim of typosquatting, the key is for you to develop mindful habits such as bookmarking trusted sites and double-checking URLs before hitting the enter key on your keyboard, or before typing sensitive information or downloading files. Always look for secure connection indicators such as the padlock icon to confirm you’re on the correct website.

In addition, using reliable tools such as McAfee WebAdvisor and McAfee Total Protection gives you the assurance of safety while you browse, bank, and shop online. McAfee security solutions work quietly in the background, alerting you to suspicious sites and keeping you on the safe path. Share this knowledge with your family and friends, because when we’re all aware of these simple tricks that criminals use, we can all enjoy the internet more safely together.

Happy Christmas shopping and safe surfing.

The post Oh what a difference an “o” can make! appeared first on McAfee Blog.

I think I could count on one hand the people I know who have NOT had their email hacked. Maybe they found a four-leaf clover when they were kids! Email hacking is one of the very unfortunate downsides of living in our connected, digital world. And it usually occurs as a result of a data breach – a situation that even the savviest tech experts find themselves in.

What is a data breach?

In simple terms, a data breach happens when personal information is accessed, disclosed without permission, or lost. Companies, organisations, and government departments of any size can be affected. Data stolen can include customer login details (email addresses and passwords), credit card numbers, identifying IDs of customers e.g. driver’s license numbers and/or passport numbers, confidential customer information, company strategy, or even matters of national security.

Data breaches have made headlines, particularly over the last few years. When the Optus and Medibank data breaches hit the news in 2022 affecting almost 10 million Aussies apiece, we were all shaken. But then when Aussie finance company Latitude was affected in 2023 with a whopping 14 million people from both Australia and New Zealand, it almost felt inevitable that by now, most of us would have been impacted.

The reality is that data breaches have been happening for years. In fact, the largest data breach in Australian history happened in 2019 to the online design site Canva which affected 139 million users globally. In short, it can happen to anyone, and the chances are you may have already been affected.

Your email is more valuable than you think

The sole objective of a hacker is to get their hands on your data. Any information that you share in your email account can be very valuable to them. Why do they want your data, you ask? It’s simple really – so they can cash in!

Some will keep the juicy stuff for themselves – passwords or logins to government departments or large companies they may want to ’target’ with the aim of extracting valuable data and/or funds. The more sophisticated ones will sell your details including name, telephone, email address, and credit card details to cash in on the dark web. They often do this in batches. Some experts believe they can get as much as AU$250 for a full set of details including credit cards. So, you can see why they’d be interested in you.

The other reason why hackers will be interested in your email address and password is that many of us re-use our login details across our other online accounts. Once they’ve got their hands on your email credentials, they may be able to access your online banking and investment accounts, if you use the same credentials everywhere. So, you can see why I harp on about using a unique password for every online account!

How big is the problem?

There is a plethora of statistics on just how big this issue is – all of them concerning. According to the Australian Institute of Criminology, of all the country’s cybercrime reports in 2024, about 21.9% involved identity theft and misuse. The Australian Bureau of Statistics adds that the identity theft victimisation rate has steadily increased from 0.8% to 1.2% from 2021 to 2024, respectively.

Meanwhile, The Australian Government revealed that at least one cybercrime is reported every 6 minutes, with business email compromise alone costing the national economy up to $84 million in losses. Regardless of which statistic you choose to focus on, we have a big issue on our hands.

How does an email account get hacked?

Hackers use a range of techniques—some highly sophisticated, others deceptively simple—to gain access. It is important to know how these attacks happen so you can stay ahead and prevent them.

• Phishing scams: These are deceptive emails that trick you into entering your login details on a fake website that looks legitimate.
• Data breaches: If a website where you used your email and password gets breached, criminals can use those leaked credentials to try and access your email account.
• Weak or reused passwords: Using simple, easy-to-guess passwords or the same password across multiple sites makes it easy for hackers to gain access.
• Malware: Malicious software like keyloggers can be installed on your computer without your knowledge, capturing everything you type, including passwords.
• Unsecure Wi-Fi networks: Using public Wi-Fi without a VPN can expose your data to criminals monitoring the network.

From email hack to identity theft

Yes, absolutely. An email account is often the central hub of your digital life. Once a cybercriminal controls it, they can initiate password resets for your other online accounts, including banking, shopping, and social media. They can intercept sensitive information sent to you, such as financial statements or medical records.

With enough information gathered from your emails, they can commit identity theft, apply for credit in your name, or access other sensitive services. If you suspect your email was hacked, it’s crucial to monitor your financial statements and consider placing a fraud alert with credit bureaus.

Signs that your email has been hacked

• You can no longer log in. The most obvious sign of an email hack is when your password suddenly stops working. Cybercriminals often change the password immediately to lock you out.
• Friends receive strange messages from you. If your contacts report receiving spam or phishing emails from your address that you didn’t send, it’s a major red flag that someone else has control of your account.
• Unusual activity in your folders. Check your “Sent” folder for messages you don’t recognize. Hackers might also set up forwarding rules to send copies of your incoming emails to their own address, so check your settings for any unfamiliar forwarding addresses.
• Password reset emails you didn’t request. Receiving unexpected password reset emails for other services (like your bank or social media) is a sign that a hacker is using your email to try and take over your other online accounts.
• Security alerts from your provider. Pay attention to notifications about new sign-ins from unfamiliar devices, locations, or IP addresses. These are often the first warnings that your account has been compromised.

Steps to email recovery

If you find yourself a victim of email hacking, these are a few very important steps you need to take. Fast.

Change your password

Using a separate, clean device, this is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use random words and characters, a passphrase with a variety of upper and lower cases, and throw in some symbols and numbers.

I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack! But, better still, get yourself a password manager that will create a password that no human would be capable of creating. If you find the hacker has locked you out of your account by changing your password, you will need to reset the password by clicking on the ‘Forgot My Password’ link.

Update other accounts that use the same password

This is time-consuming, but essential. Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many people use the same logins for multiple accounts, so it is guaranteed they will try your info in other email applications and sites such as PayPal, Amazon, Netflix – you name it!

Once the dust has settled, review your password strategy for all your online accounts. A best practice is to ensure every online account has its own unique and complex password.

Sign out of all devices

Most email services have a security feature that lets you remotely log out of all active sessions. Once you’ve changed your password, signing out from your email account also signs out the hacker and forces them to log-in with the new password, which fortunately they do not know. These, combined with two- or multi-factor authentication, will help you to regain control of your account and prevent further compromise.

Inform your email contacts

A big part of the hacker’s strategy is to get their claws into your address book to hook others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails—most likely loaded with malware—that have come from you.

Commit to multi-factor authentication

Two-factor or multi-factor authentication may seem like an additional, inconvenient step to your login, but it also adds another layer of protection. Enabling this means you will need a special one-time-use code to log in, aside from your password. This is sent to your mobile phone or generated via an authenticator app. So worthwhile!

Check your email settings

It is common for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins to other sites; they can also keep a watchful eye on any particularly juicy personal information. So, check your mail forwarding settings to ensure no unexpected email addresses have been added.

Also, ensure your ‘reply to’ email address is actually yours. Hackers have been known to create an email address that looks similar to yours, so that when someone replies, it will go straight to their account, not yours.

Don’t forget to check your email signature to ensure nothing spammy has been added, as well as your recovery phone number and alternate email address. Hackers also change these to maintain control. Update them to your own secure details.

Scan your computer for malware and viruses

Regularly scanning your devices for unwanted invaders is essential. If you find anything, please ensure it is addressed, and then change your email password again. If you don’t have antivirus software, please invest in it.

Comprehensive security software will provide you with a digital shield for your online life, protecting all your devices – including your smartphone – from viruses and malware. Some services also include a password manager to help you generate and store unique passwords for all your accounts.

Consider creating a new email address

If you have been hacked several times and your email provider isn’t mitigating the amount of spam you are receiving, consider starting afresh. Do not, however, delete your old email address because email providers are known to recycle old email addresses. This means a hacker could spam every site they can find with a ‘forgot my password’ request and try to impersonate you and steal your identity.

Your email is an important part of your online identity so being vigilant and addressing any fallout from hacking is essential for your digital reputation. Even though it may feel that getting hacked is inevitable, you can definitely reduce your risk by installing some good-quality security software on all your devices.

Trusted and reliable comprehensive security software will alert you when visiting risky websites, warn you when a download looks dodgy, and block annoying and dangerous emails with anti-spam technology. It makes sense really – if you don’t receive the dodgy phishing email – you can’t click on it. Smart!

Finally, don’t forget that hackers love social media – particularly those of us who overshare on it. So, before you post details of your adorable new kitten, remember it may just provide the perfect clue for a hacker trying to guess your email password!

Report the incident

Reporting an email hack is a crucial step to create a necessary paper trail for disputes with banks or credit agencies. When reporting, gather evidence such as screenshots of suspicious activity, unrecognized login locations and times, and any phishing emails you received. This information can be vital for the investigation.

• Your email provider: Use their official support or recovery channels immediately. They can help you investigate and regain control of your account. Do not use links from suspicious emails claiming to be from support.
• Financial institutions: If you’ve disclosed sensitive financial information or use the email for banking, contact your bank and credit card companies immediately. Alert them to potential fraud and monitor your statements.
• Friends, family, and contacts: Send a message to your contacts warning them that your account was compromised. Advise them not to open suspicious messages or click on links sent from your address during that time.
• Your employer: If it’s a work email, or if your personal email is used for work purposes, notify your IT department immediately. They need to take steps to protect company data and systems.
• Relevant authorities: For financial loss or identity theft, you can report the incident to authorities like the FBI’s Internet Crime Complaint Center or Action Fraud in the UK. This creates an official record and aids in wider law enforcement efforts.

Check if online accounts linked to your email were compromised

• Prioritize critical accounts: Immediately check your online banking, financial, and government-related accounts. Review recent activity for any unauthorized transactions or changes.
• Review social media and shopping sites: Check your social media for posts or messages you didn’t send. Review your online shopping accounts like Amazon for any purchases or address changes you don’t recognize.
• Enable alerts: Turn on login and transaction alerts for your sensitive accounts. This will give you real-time notifications of any suspicious activity in the future.

Should you delete your hacked email account?

Generally, no. Deleting the account can cause more problems than it solves. Many online services are linked to that email, and deleting it means you lose the ability to receive password reset links and security notifications for those accounts.

More importantly, some email providers recycle deleted addresses, meaning a hacker could potentially re-register your old email address and use it to impersonate you and take over your linked accounts.

The better course of action is to regain control, thoroughly secure the account with a new password and multi-factor authentication, and clean up any damage. Only consider migrating to a new email address after you have fully secured the old one.

Future-proof your email after reclaiming control

• Run a full security scan: Before doing anything else, run a comprehensive scan with a trusted antivirus program on all your devices to ensure no malware or keyloggers remain.
• Double-check security settings: Confirm that your recovery email and phone number are correct and that multi-factor authentication is enabled, preferably using an authenticator app rather than SMS.
• Review account permissions: Check which third-party apps and websites have access to your email account. Revoke access for any service you don’t recognize or no longer use.
• Set periodic reminders: Make it a habit to review your account’s security logs and settings every few months to catch any potential issues early.

• Learn to spot phishing: Be skeptical of unsolicited emails asking for personal information or creating a sense of urgency. Check the sender’s address and hover over links before clicking.
• Keep software updated:Regularly update your operating system, web browser, and security software to protect against the latest vulnerabilities.
• Secure your devices: Use comprehensive security software like McAfee+ on all your devices—computers, tablets, and smartphones—to protect against malware, viruses, and risky websites.

Provider-specific email recovery

Each email provider has a specific, structured process for account recovery. It is vital to only use the official recovery pages provided by the service and be wary of scam websites or third-party services that claim they can recover your account for a fee. Below are the official steps of the major providers that you can follow.

Gmail

1. Go to Google’s official Account Recovery page.
2. Enter your email address and follow the on-screen prompts. You will be asked questions to confirm your identity, such as previous passwords or details from your recovery phone number or email.
3. Once you regain access, you will be prompted to create a new password.
4. Immediately visit the Google Security Checkup to review recent activity, remove unfamiliar devices, check third-party app access, and enable 2-step verification.

Yahoo email

1. Navigate to the Yahoo Sign-in Helper page.
2. Enter your email address or recovery phone number and click “Continue.”
3. Follow the instructions to receive a verification code or account key to prove your identity.
4. Once verified, create a new, strong password.
5. After regaining access, go to your Account Security page to review recent activity, check recovery information, and turn on 2-step verification.

Outlook or Hotmail

1. Go to the official Microsoft account recovery page.
2. You’ll need to provide your email, phone, or Skype name, and verify your identity using the security information linked to your account.
3. If you cannot access your recovery methods, you will be directed to an account recovery form where you must provide as much information as possible to prove ownership.
4. After resetting your password, visit your Microsoft account security dashboard to review sign-in activity, check connected devices, and enable two-step verification.

Final thoughts

Your email account is the master key to your digital kingdom, and protecting it is more critical than ever since many of your other accounts are connected with your email. Realizing “my email has been hacked” is a stressful experience, but taking swift and correct action can significantly limit the damage.

By following the recovery steps and adopting strong, ongoing security habits like using a password manager and enabling multi-factor authentication, you can turn a potential crisis into a lesson in digital resilience. Stay vigilant, stay proactive, and keep your digital front door securely locked.

To add another wall of defense, consider investing in a trusted and reliable comprehensive security software like McAfee+. Our solution will help you dodge hacking attempts by alerting you when visiting risky websites, or downloading questionable apps, and blocking malicious emails with anti-spam technology.

The post What to Do If Your Email Is Hacked appeared first on McAfee Blog.