Domain misspelling phishing sites

There’s no quicker way to give hackers your Facebook username and password than to mistype the Facebook URL in your browser window and type it into a phishing site. (Phishing sites are designed to look like the real site, but are run by Very Bad People With Nothing Better To Do so that they can steal your passwords). For example, if you hit www.facebok.com (notice the missing ‘o’), you get sent to a site that looks a bit like Facebook but is really a pop-up heaven designed to part you with your money, identity, etc.

There is a very easy way to thwart these things, if you mistype the same thing now and then and you want to prevent the popup storm. Go to your “hosts” file:

c:\windows\system32\drivers\etc\hosts

Open it in wordpad, and add the line:

0.0.0.0 www.facebok.com

This will cause any browsers on your computer to believe the nefarious URL “www.facebok.com” is at IP address 0.0.0.0, which doesn’t exist. So if you type it by mistake, your browser will say “Unable to connect” rather than taking you to the bad web site.

Repeat for any sites you don’t like. There are entire lists of hosts files on the net for stopping all kinds of ads, images, popups, etc. – this is just the very tip of the iceberg.

On a unix-based Macintosh it’s /etc/hosts, and you most likely need to be root to edit it (or use sudo for root permissions while editing).