- February 27th, 2014
It’s a common enough scenario, and familiar to most: When typing a URL in the Web browser’s address bar, you accidentally mistype the name. You may type ctibank.com instead of citibank.com, gacebook.com instead of facebook.com, or the ever popular gooogle.com instead of google.com.
The page at the wrong address is an example of typosquatting, where scammers register domains with names that are similar to legitimate sites. The owner of the site benefits from the fact that the user mistyped the name, whether by displaying ads and links, setting up fake storefronts, or tricking users with phishing pages.
At best, it’s just an annoyance. At its worst, it may be malicious. And it’s pretty prevalent. Experts have estimated nearly 80 percent of mistyped URLs wind up on typosquatting sites.
Not Always Bad, But Usually
Of course, some sites may legitimately have addresses that look similar to popular brands. Those are easy to figure out. If you land on goole.com, you will know it’s a site about an English town, and not a typosquatting one. Then there are the pages that seem harmless, such as the ones displaying advertisements or a parked page with a bunch of links. The typosquatting page window.com has links to Windows 7 and Windows 8, but if you don’t click on them and just close the window, no harm done.
While advertisements, offers to sell you the domain, or these parked pages constitute a majority of the typosquatting sites, there is a very real danger associated with these fake pages. Cybercriminals can grab these domains to create fake websites that look similar to the actual site so that users don’t realize right away they’ve landed in the wrong place. This is the perfect setup for a phishing scam, to trick users into entering their login credentials before redirecting them back to the real site. The users don’t realize what happened, and the criminals operating the site now have their information.
Fake sites Wikapedia.com and Twtter.com took the phishing scam another step further, by making the pages look like the real sites and displaying advertisements for contests offering iPads and MacBooks as prizes. Users were prompted to enter their credit card information and other sensitive information as part of the contest to claim their prizes.
Scammers may set up an online store to convince visitors to browse and shop for products. On a typo domain such as appl.com, users may not realize they’ve just bought junk and not a brand new MacBook Pro. Or they may see a link for iTunes but wind up signing up for a service that sends premium-rate SMS messages to their cellphone.
Scammers may also be using the sites to drive some clicks to their advertising campaigns. Don’t click.
Criminals may also set up malware-hosting sites at these domains. This is a bit more unusual, since attackers won’t be able to discard the domain and move on to a new one when the address invariably gets blacklisted for hosting malware. There aren’t that many variations of the domain name the attackers can use, so they tend to run other scams instead that let them use the domain for a longer period of time.
How to Stay Safe
Companies take typosquatting seriously. Apple has in the past gone to the courts regarding appl.com, wwwApple.com, appl-e.com, and apples-stores.com for being too similar to its own domain name. Back in 2012, a United Kingdom watchdog organization fined wikapedia.com and Twtter.com $156,000 each for trying to trick users into thinking they were the real sites. A California judge ruled in favor of Facebook in May last year, awarding the social networking giant close to $2.8 million in damages and control of a little over a hundred domains with misspelled variants of its name.
When typing in the link to a website, pay close attention to what you type. Don’t just hit enter or click on “search” right away—read over what you typed to try to catch that typo at the last minute.
It’s also important to get in the habit of quickly checking the URL to make sure you landed on the page you intended. Sometimes the site may look like the real thing, and that last check can help you from making a big mistake.
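The "last check" above can be automated. The following is an added example, not code from the original post: it flags a typed hostname that is one keystroke away from a brand on a constructed trusted list (the post's ctibank.com, gacebook.com, gooogle.com, appl.com cases) while allowing a known legitimate look-alike such as goole.com; the lists and function names are assumptions.

```python
"""Warn when a typed hostname is one edit away from a trusted brand (added example)."""

# Constructed lists: brands the user actually visits, and look-alikes known to be legitimate.
TRUSTED = ["citibank.com", "facebook.com", "google.com", "apple.com",
           "wikipedia.org", "twitter.com"]
KNOWN_LEGIT = {"goole.com"}  # the English town mentioned in the post


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap two adjacent characters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def brand_label(host: str) -> str:
    """'www.citibank.com' -> 'citibank', 'wwwapple.com' -> 'apple': the part people mistype."""
    parts = host.lower().strip(".").split(".")
    if parts and parts[0] == "www":
        parts = parts[1:]
    label = parts[0] if parts else ""
    if label.startswith("www") and len(label) > 3:  # the wwwApple.com pattern
        label = label[3:]
    return label


def check_typed_host(host: str, trusted=TRUSTED, legit=KNOWN_LEGIT):
    """Return the trusted domain that `host` looks like, or None if it is exact or known-good."""
    host = host.lower().strip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in trusted or host in legit:
        return None
    label = brand_label(host)
    for brand in trusted:
        if edit_distance(label, brand_label(brand)) <= 1:
            return brand
    return None
```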
Enable safe browsing mode in the Web browser. Internet Explorer, Firefox, and Chrome all have features that block access to a page suspected of hosting malware or being otherwise malicious. If the site you fat-fingered is malicious, the browser will stop you.
Make sure your security software is up-to-date. If the typosquatting page hosts malware, the antivirus software will most likely detect the danger and block the file from being downloaded onto your computer.
Above all, never, ever click on links in emails, text messages, chat messages, or social networking sites. You may not realize the links contain a typo when you first look at them. If you type the URL instead of clicking, you will notice the typo, and thus avoid the scam.