Government Technology

Personal Computing: The Threat of "Typosquatting"



November 26, 2007 By

In getting to Web sites, neatness counts. If you type in the wrong Web address, you might be in for a surprise.

You could be taken to a site run by a business that competes with the site you were trying to get to, to a rogue site that lampoons the intended site, to a porn site that tricks you or your children into its seediness, or to a spam or phishing site that steals your e-mail address, your money or your identity.

This phenomenon goes by the names "typosquatting" and "URL hijacking." A new study by McAfee, a maker of computer security software, sheds some interesting light on it. Among its findings:

  • If you misspell a popular URL (Uniform Resource Locator), or Web address, you have about a 1-in-14 chance of landing at a typosquatter site.
  • The five most highly squatted categories are game sites such as miniclip.com, runescape.com and minijuegos.com, airline sites such as ryanair.com, united.com and lufthansa.com, mainstream media sites such as vh1.com, globo.com and qvc.com, dating sites such as plentyoffish.com, true.com and singlesnet.com, and technology and Web 2.0 sites.
  • Sites for children and teens such as webkinz.com, clubpenquin.com and neopets.com are also heavily targeted. Some of the trick sites are designed to expose children to pornography.

Among the more celebrated examples of typosquatting have involved the Web search site Google and the user-written Web encyclopedia Wikipedia. By mistyping www.google.com as www.goggle.com, users were taken to the site of a rogue software maker that automatically downloaded spyware to their computers.

Wikipedia endured a similar experience. By mistyping www.wikipedia.org as www.eikipedia.org, www.wilipedia.org or www.wikipedi.com, or by mistyping en.wikipedia.org as en.wiipedia.org, en.wikipedi.org or en.wikipediia.org, users were directed to sites with pop-up ads, spyware downloads and ad-generating Web directories.

Typosquatters bank on the fact that people make simple typing mistakes, misspell words, add an "s" to make a name plural when it shouldn't be, and get the top-level domain wrong by typing "com" instead of "org," for example.

"Typosquatting illustrates the wild west mentality that remains dominant in major portions of the Internet," says Jeff Green, a McAfee senior vice president. "Even at its most benign, this practice takes consumers to places they never intended and penalizes legitimate businesses by siphoning customers away."

One common technique used by typosquatters is to profit from click-through ad revenue. Legitimate ad syndication services affiliated with Google and other search sites enable typosquatters to make money by tricking people into coming to their sites, where revenue-generating ads are displayed.

Another, more nefarious, technique is to continue the ruse by tricking people into thinking they're at the real site, using copied logos, page layouts and content. When you then type in credit card, Social Security and other sensitive data, the criminals use that data to steal your money and your identity.

Typosquatting isn't a new phenomenon, but it is increasing in frequency, judging by the number of cases filed with the World Intellectual Property Organization's arbitration system. This is one remedial method available to sites whose addresses have been copied.

Another method is to send, or have your lawyer send, a cease and desist letter or e-mail to the typosquatting site, which is more effective if the copying was innocent rather than venal. In some cases these disputes wind up in court.

Some companies try to prevent typosquatting by registering or buying a few or many different Web addresses


| More

Comments

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Improving Emergency Response with Digital Communications
Saginaw County, Mich., increases interoperability, communication and collaboration with a digital voice and data network, as well as modern computer-aided dispatch.
Reduce Talk Time in Your Support Center by 40%
As the amount of information available to citizens and employees grows each year, so do customer expectations for efficient service. Contextual Knowledge makes information easy to find, dropping resolution times and skyrocketing satisfaction.
Emerging Technology Adoption in Local Government
In a recent survey conducted by Government Technology, 125 local government leaders shared their challenges, benefits and priorities when adopting emerging technologies such as cloud, mobility and IP. Read how your jurisdiction’s adoption of technology compares to your peers.
View All

Featured Papers