Government Technology

Personal Computing: The Threat of "Typosquatting"



November 26, 2007 By

In getting to Web sites, neatness counts. If you type in the wrong Web address, you might be in for a surprise.

You could be taken to a site run by a business that competes with the site you were trying to get to, to a rogue site that lampoons the intended site, to a porn site that tricks you or your children into its seediness, or to a spam or phishing site that steals your e-mail address, your money or your identity.

This phenomenon goes by the names "typosquatting" and "URL hijacking." A new study by McAfee, a maker of computer security software, sheds some interesting light on it. Among its findings:

  • If you misspell a popular URL (Uniform Resource Locator), or Web address, you have about a 1-in-14 chance of landing at a typosquatter site.
  • The five most highly squatted categories are game sites such as miniclip.com, runescape.com and minijuegos.com, airline sites such as ryanair.com, united.com and lufthansa.com, mainstream media sites such as vh1.com, globo.com and qvc.com, dating sites such as plentyoffish.com, true.com and singlesnet.com, and technology and Web 2.0 sites.
  • Sites for children and teens such as webkinz.com, clubpenquin.com and neopets.com are also heavily targeted. Some of the trick sites are designed to expose children to pornography.

Among the more celebrated examples of typosquatting have involved the Web search site Google and the user-written Web encyclopedia Wikipedia. By mistyping www.google.com as www.goggle.com, users were taken to the site of a rogue software maker that automatically downloaded spyware to their computers.

Wikipedia endured a similar experience. By mistyping www.wikipedia.org as www.eikipedia.org, www.wilipedia.org or www.wikipedi.com, or by mistyping en.wikipedia.org as en.wiipedia.org, en.wikipedi.org or en.wikipediia.org, users were directed to sites with pop-up ads, spyware downloads and ad-generating Web directories.

Typosquatters bank on the fact that people make simple typing mistakes, misspell words, add an "s" to make a name plural when it shouldn't be, and get the top-level domain wrong by typing "com" instead of "org," for example.

"Typosquatting illustrates the wild west mentality that remains dominant in major portions of the Internet," says Jeff Green, a McAfee senior vice president. "Even at its most benign, this practice takes consumers to places they never intended and penalizes legitimate businesses by siphoning customers away."

One common technique used by typosquatters is to profit from click-through ad revenue. Legitimate ad syndication services affiliated with Google and other search sites enable typosquatters to make money by tricking people into coming to their sites, where revenue-generating ads are displayed.

Another, more nefarious, technique is to continue the ruse by tricking people into thinking they're at the real site, using copied logos, page layouts and content. When you then type in credit card, Social Security and other sensitive data, the criminals use that data to steal your money and your identity.

Typosquatting isn't a new phenomenon, but it is increasing in frequency, judging by the number of cases filed with the World Intellectual Property Organization's arbitration system. This is one remedial method available to sites whose addresses have been copied.

Another method is to send, or have your lawyer send, a cease and desist letter or e-mail to the typosquatting site, which is more effective if the copying was innocent rather than venal. In some cases these disputes wind up in court.

Some companies try to prevent typosquatting by registering or buying a few or many different Web addresses


| More

Comments

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.

Jim    |    Commented November 27, 2007

Typosquating is simply profiting from deception and misdriection. Who profits? The likes of Google and Yahoo, the ad providers. This really is a wild west, translated lawlessness, environment. Ultimately I am afraid legislation may be needed that makes the ad providers liable for this fraudulent behavior in order to get this under control.


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Redefining Citizen Engagement in a Mobile-First World
Today’s consumers are embracing the ease and convenience of anytime, anywhere access to the Internet from their mobile devices. In order for government and public sector organizations to fully engage with their citizens and provide similar service quality as their consumer counterparts, the time is now to shift to mobile citizen engagement. Learn more
McAfee Enterprise Security Manager and Threat Intelligence Exchange
As a part of the Intel® Security product offering, McAfee® Enterprise Security Manager and McAfee Threat Intelligence Exchange work together to provide organizations with exactly what they need to fight advanced threats. You get the situational awareness, actionable intelligence, and instantaneous speed to immediately identify, respond to, and proactively neutralize threats in just milliseconds.
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
View All

Featured Papers