Government Technology

    Digital Communities
    Industry Members

  • Click sponsor logos for whitepapers, case studies, and best practices.
  • McAfee

Personal Computing: The Threat of "Typosquatting"



November 26, 2007 By

In getting to Web sites, neatness counts. If you type in the wrong Web address, you might be in for a surprise.

You could be taken to a site run by a business that competes with the site you were trying to get to, to a rogue site that lampoons the intended site, to a porn site that tricks you or your children into its seediness, or to a spam or phishing site that steals your e-mail address, your money or your identity.

This phenomenon goes by the names "typosquatting" and "URL hijacking." A new study by McAfee, a maker of computer security software, sheds some interesting light on it. Among its findings:

  • If you misspell a popular URL (Uniform Resource Locator), or Web address, you have about a 1-in-14 chance of landing at a typosquatter site.
  • The five most highly squatted categories are game sites such as miniclip.com, runescape.com and minijuegos.com, airline sites such as ryanair.com, united.com and lufthansa.com, mainstream media sites such as vh1.com, globo.com and qvc.com, dating sites such as plentyoffish.com, true.com and singlesnet.com, and technology and Web 2.0 sites.
  • Sites for children and teens such as webkinz.com, clubpenquin.com and neopets.com are also heavily targeted. Some of the trick sites are designed to expose children to pornography.

Among the more celebrated examples of typosquatting have involved the Web search site Google and the user-written Web encyclopedia Wikipedia. By mistyping www.google.com as www.goggle.com, users were taken to the site of a rogue software maker that automatically downloaded spyware to their computers.

Wikipedia endured a similar experience. By mistyping www.wikipedia.org as www.eikipedia.org, www.wilipedia.org or www.wikipedi.com, or by mistyping en.wikipedia.org as en.wiipedia.org, en.wikipedi.org or en.wikipediia.org, users were directed to sites with pop-up ads, spyware downloads and ad-generating Web directories.

Typosquatters bank on the fact that people make simple typing mistakes, misspell words, add an "s" to make a name plural when it shouldn't be, and get the top-level domain wrong by typing "com" instead of "org," for example.

"Typosquatting illustrates the wild west mentality that remains dominant in major portions of the Internet," says Jeff Green, a McAfee senior vice president. "Even at its most benign, this practice takes consumers to places they never intended and penalizes legitimate businesses by siphoning customers away."

One common technique used by typosquatters is to profit from click-through ad revenue. Legitimate ad syndication services affiliated with Google and other search sites enable typosquatters to make money by tricking people into coming to their sites, where revenue-generating ads are displayed.

Another, more nefarious, technique is to continue the ruse by tricking people into thinking they're at the real site, using copied logos, page layouts and content. When you then type in credit card, Social Security and other sensitive data, the criminals use that data to steal your money and your identity.

Typosquatting isn't a new phenomenon, but it is increasing in frequency, judging by the number of cases filed with the World Intellectual Property Organization's arbitration system. This is one remedial method available to sites whose addresses have been copied.

Another method is to send, or have your lawyer send, a cease and desist letter or e-mail to the typosquatting site, which is more effective if the copying was innocent rather than venal. In some cases these disputes wind up in court.

Some companies try to prevent typosquatting by registering or buying a few or many different Web addresses


| More

Comments

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Digital Cities & Counties Survey: Best Practices Quick Reference Guide
This Best Practices Quick Reference Guide is a compilation of examples from the 2013 Digital Cities and Counties Surveys showcasing the innovative ways local governments are using technological tools to respond to the needs of their communities. It is our hope that by calling attention to just a few examples from cities and counties of all sizes, we will encourage further collaboration and spark additional creativity in local government service delivery.
Wireless Reporting Takes Pain (& Wait) out of Voting
In Michigan and Minnesota counties, wireless voting via the AT&T network has brought speed, efficiency and accuracy to elections - another illustration of how mobility and machine-to-machine (M2M) technology help governments to bring superior services and communication to constituents.
Why Would a City Proclaim Their Data “Open by Default?”
The City of Palo Alto, California, a 2013 Center for Digital Government Digital City Survey winner, has officially proclaimed “open” to be the default setting for all city data. Are they courageous or crazy?
View All