Redirects from misspelled web addresses

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
So I was trying to go to youtube.com and I've manage to missspell and write instead yotube.com.
The link yotube.com will automatically redirect the users to a site where they would have to complete a survey in order to win a prize :

Code:
 Congratulations!
You’ve been selected from the Romania region to take part in our annual visitor survey.
This will only take 30 seconds of your time and will enhance user experience. Upon completion you will have the opportunity to get a Macbook Air®, Apple iPhone 4®, or a iPad 2®

hxxp://video.worldsurveypanel.com/?sov=130906

[attachment=619]

After clicking the start button the user will have to answer to 3 simple question.
[attachment=620][attachment=621][attachment=622]
This question have only one purpose to make the user think this is a legit Youtube survey.
After completing this short survey , you'll find this message :

Code:
Thank you for your input. Participation is required for your opportunity to get an
exclusive reward.
[attachment=623]

Using a great prize in order to make the user less aware of any possible danger is a common practice for scammers , not only on the internet but also in real life.

After selecting your 'prize' , the user will need to answer another 3 question about this product..
[attachment=628]
The questions are related to the product but it won't matter what answer the user will give. Also using Adblock will block the questions from loading,which makes me think that this guys are using an advertising system in order to make money.
Next and final step ?.......They need it my phone number.Of course I would never give my phone number over the internet so I've used a fake one to see what the next step would be.
[attachment=629]
After the submitting a fake phone number , they have requested a SMS with the some text into it in order to participate to this contents.
The SMS isn't free or at a regular price, if you do decide to send it you'll be charged extra.
[attachment=630]
WOT has given a red rating to this site - link



So did you ever manage to misspell a link and be redirected to another place, in which you encountered possible threats?
Do you think a novice user would get tricked by these schemes?
 

Attachments

  • 1.png
    1.png
    107.6 KB · Views: 813
  • 2.png
    2.png
    92.1 KB · Views: 696
  • 3.png
    3.png
    87 KB · Views: 646
  • 4.png
    4.png
    91.8 KB · Views: 670
  • 10.png
    10.png
    204.3 KB · Views: 630
  • 5.png
    5.png
    294.7 KB · Views: 682
  • 7.png
    7.png
    246.2 KB · Views: 626
  • 8.png
    8.png
    313.9 KB · Views: 620

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
I just happen to misspell Youtube and spell "Yotube" when typing fast in the location bar and often get taken to this website,
I've added yotube.com to my hosts file and installed an add-on called No-Redirect to help prevent any future occurrences like this.
I forgot but does OpenDNS have a feature that stops users from going to the wrong site when mistyping?

Nice post by the way +Rep
 

Dejan

New Member
Mar 3, 2011
559
Common method for tricking people, I remember an old Google typo-squatter "goggle.com" that now seems to just be a scam site, but before could lead to that old SpySheriff rogue. I don't think OpenDNS has that feature, it won't block it if the site exists (unless it's been reported or something), I do remember when I misspelled one site URL that led me to a non-existent site then it did give me a suggestion on the correct URL, but like I said if that site exists (such as in this case) and it's not reported, I don't think it would be blocked, my guess though.
 

K__M

New Member
Jun 14, 2011
344
I just went to it and it was blocked by my mbam website blocker :p.

Interesting tho.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Its like in my opinion that yotube have been active many years before so its not new to make updated tactics to convince users.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Tried to go http://gmail.com ....and by mistake I've typed :
Code:
http://gmai.com
Guess where I've got redirected ... :p
 

Attachments

  • Untitled.png
    Untitled.png
    120.6 KB · Views: 752

eXPerience

Level 1
Mar 7, 2011
248
same thing happens with yutube.com , goggle.com , etc. Never actually saw these screens before haha ^^

eXp
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Its like all the site that can be misspelled was only one owner probably.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Sad day.....
Softpedia said:
Fraud Websites Make the Global Top 250 Alexa Ranking List

preading their fraudulent campaigns that they managed to gain a good position on the global Alexa ranking list.

Websense researchers report that the sites pretend to be part of YouTube and some of them even rank better than some major genuine portals.

By relying on typosquatting attacks, cybercriminals managed to promote their online survey scams which offer unsuspecting Internet users fabulous prizes such as iPhones and other cool gadgets.

Video reward survey campaigns such as this one can spread globally because there is no language barrier and their Alexa rank is usually high, but also, they’re not limited to certain countries or regions.

Furthermore, to make the scam sites even more authentic, a script checks the visitor’s IP and displays location information.

One of these shady video sites found by Websense is video-rewardz.com, which has a high Alexa rank since December 19, 2011. Unfortunately, the site is still active and its traffic is higher than ever.

So you may wonder how these typosquatting attacks work in this case.

The entire secret lies in the fact that many people rush to type a site’s name and easily make mistakes.

For instance, when we want to access Twitter, we type www.twitter.com, but we could also write www.ttwitter.com by mistake. Since sites like ttwitter.com are already owned by cybercriminals, they can place clever redirects that lead the user to sites such as video-rewardz.


Read more ...
 

Littlebits

Retired Staff
May 3, 2011
3,893
This is the main reason that I use Bookmarks, you can't misspell your favorite websites.

However many browsers are starting to hide bookmarks or favorites by default which I consider a bad move.

Thanks.:D
 

WinAndLinuxTutorials

Level 4
Verified
Honorary Member
Aug 23, 2011
2,291
This also happened to me when I wanted to open facebook, I wrote facebok.com instead, which was flagged red by WOT. http://www.mywot.com/en/scorecard/facebok.com

EDIT: Trying to open this site, it redirects me to facebook.com.
 

Dejan

New Member
Mar 3, 2011
559
Uh, I just select the site from my URL bar, because it's saved in history.
Helps out a lot, when you're lazy like me.
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
Dejan said:
Uh, I just select the site from my URL bar, because it's saved in history.
Helps out a lot, when you're lazy like me.

That is exactly what I do as well.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Two theories for about misspelled website.

1) Your lucky if the misspelled website is not exist and will redirect you in a real site + it could be a domain parking site which is still vacant.

2) Scam sites or malicious viruses sites but mostly were scam sites in order the users to be victimized.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top