
Typo-Squatting Bitwarden vs Bitwadan



I think fast, I talk fast, and I type fast. If you heard me typing, you would hear more backspace typing than you would actually hear letter or space typing. Too bad the backspace doesn’t have a different sound, or maybe I’m glad it doesn’t. This morning, I fell
Typo-Squatting is the malicious purchasing of a domain that is similar to an existing domain, usually a popular domain. DO NOT GO HERE, but b i t w a d e b . c o m (notice no R in bitwarRden) is an actual domain that even prompts for a robot check, see screenshots. I have purposely put a space between each character above so it wouldn’t accidentally link or easily be copied and pasted into the browser. Yes, for you tech-savvy folks, you will see it is underlined, but that is my doing to make it noticeable, not because it is a hyperlink.
Google owns several hundred domains for misspellings to protect itself and users. Try gogle.com (notice one O) or gooogle.com (notice three O’s), or even googel.com (notice EL). They all route to the same place and it’s the home page of Google. Here’s a small list of 6000+ which also includes subdomains: https://github.com/nickspaargaren/no-google/blob/master/google-domains
After I passed the human check it automatically downloaded a file without my prompting. I IMMEDIATELY deleted the file but that’s not the point. The point is this domain is only ONE character away from the actual domain. I was typing too quickly and hit enter before realizing the R was missing.
I thought the human check was a little off, not because bitwarden.com doesn’t use human/robot checks, but because it looked too large and had a different look and feel than other human/robot checks. Now that I read the text on the notice below “I’m a human” it does tell you about an automatic download to finish proving your humanity. Who reads fine print these days? At least the bad guys warn you, lol.
There’s even the Google CAPTCHA icon on the bottom right of the screen. This is not a Google CAPTCHA that I’ve ever seen. I know they’ve gone through a couple revisions but this is not one of them.
I say all this to say, I try to warn people about bad guys on the internet and keeping yourself as secure as possible and even I clicked a little too far. I oftentimes click into things I probably shouldn’t or even reply to anonymous texts or answer spam phone calls just to see their techniques and have some fun. I wish I could start this out by saying that. Not true. I honestly clicked the link to prove my humanity. I stopped as soon as the file downloaded and immediately deleted the file but an unaware user might double click that downloaded file out of curiosity.

There’s a saying in security awareness about fatigue and prompting someone to do something so many times they just end up doing it to get rid of it. Or prompting them at late hours of the night or early hours of the day to play with their mental instability. Because this was quite early, I might have been in that state. It’s not an excuse, just an observation.
The caution here would be to continue to be careful and always keep your digital head on a swivel. The bad guys are always looking for a way to trick you. Don’t make yourself an easy target. Even IT Professionals like myself can make mistakes.