Be careful the next time you try to visit a website by typing the URL into the address bar of your browser – you might land on a website hosting ads for scam products, or worse, a website designed for phishing or hosting malware.
“Typosquatting” is when a crook or scammer registers misspelled domain names (think faceboook or goggle) in the hope of stealing traffic from those legitimate sites for nefarious purposes.
A few years ago, we conducted an experiment to find out how widespread and dangerous typosquatting is, surveying all possible one-character typing errors for six .com domains: Facebook, Google, Twitter, Microsoft, Apple and, for comparison, Sophos.
We discovered 1500 of these websites were registered, including 3% of them we classified as related to cybercrime.
Unfortunately, typosquatting goes way beyond those six companies and websites on the .com top level domain (TLD) that we studied.
As of March 2016, there are more than 1200 TLDs assigned by the Internet Corporation for Assigned Names and Numbers (ICANN) – the non-profit organization responsible for managing the top-level domain name system and Internet Protocol (IP) allocation – from .TV and .biz to .XXX and .sucks.
And there are 251 country code TLDs, representing nearly every country and overseas dependent territory on Earth.
Researchers from the cybersecurity company Endgame recently stumbled across typosquatters taking advantage of the county code for Oman, .om, by mistyping netflix.com as “netflix.om.”
This page led to a page with a pop-up warning users to update their Flash player, a tactic used by cybercriminals to trick people into downloading malware.
Investigating further, the Endgame researchers discovered hundreds of typosquatting sites targeting well-known organizations using the .om TLD, including Netflix, TripAdvisor, the BBC, Twitter, Hyatt and Panasonic.
According to Endgame, “the vast majority of .om registered domains are malicious,” and they are receiving a “non-trivial amount of traffic.”
Equally concerning, says Endgame, is that many popular brands have not registered .om domains, and therefore are vulnerable to typosquatting.
Endgame found that a handful of enterprising scammers have taken advantage of the fact that several websites are selling .om domains, with only a legitimate email address needed for identification.
Typosquatting is costly for businesses – according to the Coalition Against Domain Name Abuse (CADNA), trademark owners who want to pay to block registration of their names across hundreds of new gTLDs could pay as much as $330,000 to protect their brands from cybersquatters.
CADNA says there aren’t enough legal protections for brand owners, or strong enough penalties to keep squatters in check.
But there is something you can do to fight the typosquatting problem, by making it less profitable.
Avoid potentially harmful domains by bookmarking your favorite websites and using search engines instead of typing the web address.
You can get more tips and advice in this helpful article about typosquatting and phishing sites.
To see quick overview of our typosquatting report, check out the following video.
(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)
Image of computer mouse trap courtesy of Shutterstock.com.
John Harris
Just the other day I mistyped and got “goggle dot com,” it was pretty obvious that it wasn’t the site I wanted, it had that ominous appearance of a malicious site.
GS
I’m surprised they’re going back to this technique I thought there would be far more of the Tabnabbing type as it can be used on a genuine site.
John C.
My undisciplined fingers typed “youotube.com” and found a site that serves up a fake BSOD, along with a toll-free number to call to “fix” the error. What could go wrong?
Anonymous
So you’re saying the age old grandma technique of google searching google is now best practice?
Paul Ducklin
Not sure what age has to do with it…but I don’t think we’re saying there’s a right way or a wrong way. We’re saying, “Type carefully. Look before you leap.”
Anonymous
I noticed that start to get worst, specially, on mobile devices and weak apps they handle websites.
Simon McAllister
I’ve seen a TV advert where a popular ‘bank’ encourages people (particularly elderly people) to ‘miss-spell/type’ something they are searching for, as it may give them different, positive results. I was a little disgusted that they encourage others ‘not’ to spell correctly, let alone increase their threat levels… I mean, a bank! Funnily enough the same bank that I advised NOT to send me SMS messages asking me to reply, but instead send me an SMS to advise me to check something in my online banking app (a secure environment) that requires my attention
Scott
A couple of years ago SOHPOS COM was owned by a cybersquatter, who was looking for payment for an undisclosed email vulnerability as his normal modus operandi. I remember showing Chet one of the ‘ransom’ letters.