Enable Website typo protection to help against Phishing attacks

Published: April 16, 2023 | Author: René Laas

The purpose of this blog post is to inform you how to protect your users from phishing for websites that use a look-alike URL.

Today’s world security is more important than ever. One of the features of Microsoft Edge is its ability to protect your users against phishing attacks. With the typo protection feature in Microsoft Edge, you can help your users to get phished on websites that use a URL that looks like the required URL. You must think about https://office.com and the malicious URL like https://ofice.com

Note. Website typo protection helps protect you when you accidentally navigate to a fraudulent site after misspelling a well-known site’s URL by guiding you to land on the legitimate site instead. For more information about this topic click here

In this blog post, I will explain how to help your users from getting phished with Microsoft Edge Website typo protection (TyposquattingChecker). You still have several other ways like Microsoft Defender SmartScreen, training, and simulations to protect them from phishing.

Requirements:

Microsoft Edge
Microsoft Intune

What is phishing?

Phishing is one of the most common methods used by cybercriminals to steal sensitive information. Phishing is a technique to trick people into giving away their sensitive information, such as usernames and passwords. The attacker sends an email or a message to the victim, posing as a trustworthy entity, such as a bank, an online store, social media platform, or a company login screen. The message usually contains a link that directs the victim to a fake login page that looks identical to the real one. Once the victim enters their credentials on the fake login page, the attacker can use them to gain access to their accounts.

What is typosquatting?

Typosquatting is a type of cybersquatting that involves registering a domain name that is similar to a popular or well-known domain name but with slight variations or typos. Typosquatting is also known as URL hijacking.

The idea behind typosquatting is to capitalize on the traffic intended for the legitimate website by tricking users into thinking they have reached the intended website when they have actually landed on the typosquatter’s website.

For example, a typosquatter might register the domain name “https://endpointtcave.com” (with an extra “t”) instead of “https://endpointcave.com” and create a website that looks similar to my blog, hoping to capture some of the traffic and people logins to the website.

Typosquatting can be used for various malicious purposes, such as distributing malware, stealing user credentials, displaying ads, or selling counterfeit products. It is considered a form of online fraud and can lead to financial loss, identity theft, or reputational damage for the legitimate website owner and its users.

How to enable website typo protection via Intune

Open Microsoft Intune
In the menu select Devices
Under Devices, select Windows and select configuration profiles
Or use the following link
Click on + Create Profile

Select Windows 10 and later as the platform.
Select Templates as the profile type and select Administrative Templates as the Template name

Click on Create.
Provide a policy name, e.g., EndpointCave-PRD-Edge settings.
Set a description, so that everyone with access to the portal knows the purpose.
Click on Next.
On the Configuration settings section page, enter in the search bar “typo”.