Site icon Sophos News

Advent tip #18: Avoid typosquatting – type carefully at Christmas!

A few years ago, in the leadup to the holiday season, we programmed a computer to use the web carelessly.

We generated mis-spellings of six well-known domain names, and deliberately browsed to them.

For example, instead of typing facebook.com into the address bar, our purposefully careless computer tried sites like:

gacebook.com
hacebook.com
facebool.com
faceboom.com
faebook.com
fajcebook.com

…and so forth.

By applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos, we generated 2249 website names.

Of these, an astonishing 1502 websites were alive and active, serving up 14,495 different URLs containing web pages, JavaScript, images and more.

We took a screenshot of every page as it looked after letting it load for 9 seconds.

Let’s just say that very few of them had anything to do with the site, the service or the products of the company whose domain name we’d tweaked.

This trick is called typosquatting, and it’s like having street vendors selling knockoff products right outside a brand-name store – except that it’s often much less obvious that you’re dealing with an imposter.

In short: the sort of typing errors that you make all the time, if you make them in your browser, can put you where you don’t want to be, or where you don’t want your kids to be.

Type carefumbly this Christmas!

(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)

Images of Christmas tree and Advent calendar courtesy of Shutterstock.

Exit mobile version