Beware of 559cd.com: A Scam Site Pretending to Be 599cd.com
Quick security heads-up for all my students.
One of my students, Philip, emailed me today to let me know he accidentally "fat fingered" a web address and ended up on 559cd.com instead of my real website, 599cd.com. Unfortunately, 559cd.com is NOT my site. It appears to be a typo-squat scam site set up specifically to catch people who mistype my domain name.
If you've never heard of this before, it's a very common trick. Scammers register web addresses that are just one character off from a legitimate site and then use them to push fake downloads, bogus "security checks," or malware. I wrote about this before when people set up fake sites like rnicrosoft.com.
What Phillip saw (and what I confirmed myself) was a fake security page that claimed you needed to click an "I'm a human" button in order to continue. After that, it tries to download a file to your computer. In my case, it downloaded something called NetGuard.msix, which is an MSIX installer package (a Windows app installer format). I did NOT run it, and I deleted it immediately. But the whole point of the scam is to trick someone into installing it.
This is exactly the kind of thing scammers want:
- A site that looks official enough to fool you for 5 seconds
- A big friendly button to click
- An automatic download of "software" that claims to protect you
- A file name that sounds legitimate (like "NetGuard")
Also worth noting: when I tested it, Chrome actually warned me and said something like, "Did you mean 599cd.com?" That means this typo domain has likely been flagged as suspicious by other users too.
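A look-alike check in the spirit of that browser warning, as an added example (it is not part of the original post and is not Chrome's actual logic). It flags a hostname that is one edit away from a trusted domain, or that matches a trusted domain once confusable letter pairs such as "rn" for "m" are collapsed; the trusted list, the confusable pairs and all function names are assumptions.

```python
# Added example: flag hostnames that resemble a trusted domain without being it.
# TRUSTED, LOOKALIKES and the function names are assumptions for illustration.
TRUSTED = ("599cd.com", "microsoft.com")

# Letter sequences that render like another letter in many fonts.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Collapse confusable sequences so visual look-alikes compare equal."""
    for fake, real in LOOKALIKES:
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or
    swap two adjacent characters, each counted as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(host, max_edits=1):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted domain or None)."""
    host = normalize(host)
    if host in TRUSTED:
        return ("trusted", host)
    for good in TRUSTED:
        if skeleton(host) == skeleton(good) or edit_distance(host, good) <= max_edits:
            return ("lookalike", good)
    return ("unknown", None)
```

Raising `max_edits` to 2 also catches names that need a swap plus a substitution, at the cost of more false positives on short domains.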
How this scam works
1. Someone types 559cd.com by mistake (instead of 599cd.com)
2. The scam site shows a fake "security check"
3. It tries to funnel you into downloading and installing a "privacy" or "security" app
4. If you install it, it can potentially change your browser settings, install unwanted extensions, inject ads, track browsing activity, or worse

What you should do if you hit this site
If you accidentally land on 559cd.com (or any sketchy look-alike site):
- Close the browser tab immediately
- Do NOT click anything
- Do NOT install anything
- If a file downloads, delete it

If you already downloaded something:
- Delete it before opening it
- Empty your recycle bin (optional but fine)

If you ran/installed it:
- Uninstall it immediately (Settings > Apps)
- Run a Windows Defender scan
- Check your browser extensions and remove anything you don't recognize
- Check your homepage / default search engine settings

Tips to avoid this in the future
Here are a few simple habits that will protect you from 99% of this nonsense:
- Bookmark my site and use the bookmark instead of typing it
- Double-check the address bar before clicking download buttons
- Be suspicious of any website that forces downloads
- Never install software from random popups or "security checks"
- If Chrome warns you, listen to it
And just to be crystal clear: My website is 599cd.com. If you're not on 599cd.com, you're not on my site. BOOKMARK IT FOR THE FUTURE so you don't have to type it in.
I'll include a screenshot below so you can recognize what this scam looks like. If you see it, don't click anything. Just close it and go to the correct site. I'm going to see what else I can do, like filing takedown reports with Google and Microsoft. Since I'm just a one-man shop, it's tough to go after these people legally, especially if they're in another country. I ain't got that kind of gold-pressed latinum for legal action. That's what I get for hiring a Ferengi as a lawyer.
Well, I did what I could do. I filed complaints with Google, Microsoft, and the ISP hosting that domain... my favorite (NOT!) ISP, GoDaddy.
Abuse report - 559cd.com typosquatting 599cd.com and distributing malicious downloads
Hello GoDaddy Abuse Team,
I am reporting domain 559cd.com for typosquatting and malicious behavior.
My legitimate business website is https://599cd.com (Computer Learning Zone / Richard Rost). The domain 559cd.com is a look-alike domain designed to catch users who mistype my URL.
559cd.com redirects visitors to a fake "Security Check" page ("I'm a human") and then initiates an automatic download of software (MSIX installer). The downloaded filename observed was: NetGuard.msix.
This appears to be malware / PUA distribution and is harming my customers/students.
Evidence:
- Legitimate site: https://599cd.com
- Malicious typo domain: http(s)://559cd.com
- Redirect domain observed: https://cint2.scrtgrd.online/ (full redirect URL available if needed)
- Screenshot evidence available (fake security check page and forced download)
Please investigate and suspend this domain for abuse/malware distribution.
So... now we wait.
Adam Schwanz
@Reply 3 days ago
I can't reach it, did they already do something?
Donald Blackwell
@Reply 3 days ago
After reading your post, I tried typing in several similar domains (559cd.com, 595cd.com, 955cd.com), and my browser (Firefox) just came up with a "Deceptive Site" warning. On one, it gave me the option of ignoring the warning and going to the site anyways so I tried that and my ISP (Spectrum) popped up that they were all deceptive sites and blocked.
Jeff Shepard
@Reply 2 days ago
thank you all for the info and warning.
Matt Hall
@Reply 2 days ago
Many people using computers today did not use computers through the evolution of the internet and online scams. They started after anti-malware software was ubiquitous. This kind of information is valuable for teaching people what to look out for. Thanks.
I just watched a story on the news yesterday where scammers have cheated over 600 people in the US out of 50 million dollars cumulatively by having them withdraw all their money from the bank, buying gold, and then giving them the gold. Are people really this gullible?
Matt Hall
@Reply 2 days ago
Sadly, yes. The scummy/evil players in the world have really dialed in on how to elicit an emotional response and provoke an illogical action. Somehow, private citizens have infiltrated these call centers but our government seems incapable of addressing the issue.
Sam Domino
@Reply 2 days ago
Matt It's almost like the Gov't gets some benefit from these sites........................................
Richard Please don't ban me! I'll gladly serve my sentence in Rura Penthe, unless Risa is an option! LOL!!!
Sam it's a financial crime. You go to a white-collar prison on Ferengenar.
Sam Domino
@Reply 2 days ago
Richard LOL!!! I bet the "uniform" is coat/tie and I'll have to work in a cubicle from 9-5 every day doing manual data entry! I wonder if Kovat is available to be my Ferengi conservator and represent me when I go before the FCA? Hopefully he'll be able to get a few decades off my life sentence. Wish me luck!