Hyper-squatting and praying on job seekers

Thursday 24th August 2017
Whose what among websites and luresites?

Gaberlunzie wants to Blog about really bad taste and nasty money making! And co-incidentally he’s just been fed the right material. The main discover comes from Domain Tools who discloses type squatting and ad click generations, whereas Gaberlunzie warns you to take care of you
CV as it can also be heisted for job seeking gain presumably!

Tim Helming, director, Product Management at Domain Tools who noticed a typo squatting ad click generation campaign on Facebook, which was disguised as an Easyjet boarding pass.  On further investigation, he found that the same person behind this campaign is greedily connected to some  113 other domains, that are happily disguised as brands that include such reputables as  British Airways, Ryanair and Pizza Hut!!

His full findings and explanation of how these attackers make money, alongside tips top avoid them are below. “We noticed a new ‘Easyjet’ scam floating around on Facebook, disguised as a boarding pass in honour of the brand’s anniversary. However, the domain –  easyjetlover[.]us is registered to someone who is connected to 113 other domains, many of which are also typosquatting other well-known brands and organisations. 

Examples of other domains also registered by the same person include:

  • britishairways-com[.]us
  • easyjetflights[.]us
  • ryanair-freepass[.]us
  • pizza-huts[.]us
  • tesco-uk[.]us

“The website that the victim is redirected to asks for personal information.  It is clear to see that they don't really exhibit much creativity in their website design, as it looks just like an Aldi coupon scam that we discovered a couple of months ago.

‘Easyjet’ website
Similar ‘Aldi’ website

“This is what is known as a Typo-squatting Ad click generation campaign. The website that the victim is redirected to asks for personal information; and in some cases,  ask you to connect to your profile on Facebook or other social media websites. The stolen credentials can be resold or traded on underground forums and sites. Also, these scams can be further weaponised to drop ransomware or other more advanced styles of malware if the attackers so choose. The ease of further weaponising a simple campaign like this is concerning in and of itself.

“Things to look out for are:

  • Look for typos on the website, coupon, or link that is directing you.
  • Watch out for domains that have COM-[text] in them. We're so accustomed to seeing .com that we can easily overlook the extra text that's appended to it with a dash.
  • Watch all website re-directs by hovering over URLs to see where the link will take you.
  • Realise that if something is too good to be true, it likely is.”


The ripoff Gaberlunzie noticed, as he applied idly for a job in his bosses name - was accidentally to fall over this and discover that CV library who insists that you must register your email, has itself got no email registration that you can easily turn to enquire as to how you got your bosses CV hijacked!!  Be warned when you use the CV Lbrary -  use a different designer but if you get spammed consider Gaberlunzie's next email as quoted foot of page!










Custom Search

Scotland, Computer News in Scotland, Technology News in Scotland, Computing in Scotland, Web news in Scotland computers, Internet, Communications, advances in communications, communications in Scotland, Energy, Scottish energy, Materials, Biomedicine, Biomedicine in Scotland, articles in Biomedicine, Scottish business, business news in Scotland.

Website : beachshore