Typosquatting - what happens when you mistype a website name?

Discussion in 'General Security Discussions' started by Prorootect, Jan 11, 2012.

  1. Prorootect

    Typosquatting - what happens when you mistype a website name? - topic for you ..

    Typosquatting - what happens when you mistype a website name?: on Naked Security -NakedSecurity.sophos.com: http://nakedsecurity.sophos.com/typosquatting/

    'The experiment:
    We chose six domains: Facebook, Google, Twitter, Microsoft, Apple and, while we were about it, Sophos.

    To keep things simple but representative, we limited ourselves to typos of one alphabetic character in the company name: one letter omitted, one letter mistyped, or one letter added. Typos involving numbers or punctuation marks were ignored.

    We generated all possible one-character mistakes in the www.companyname.com form of the above six domains. That produced 2249 unique site names, from www.pple.com, through www.facemook.com, to www.twitterz.com.'

    'Microsoft typosquats were at 61%, Twitter 74%, Facebook 81%, Google 83% and Apple at 86%. Clearly, there is a significant typosquatting ecosystem around high-profile, often-typed domain names.'

    'Google was the most commonly-abused brand, since it is trivial for a third-party site to present a Google-like search page and to use Google's search engine behind the scenes.'
    'This sort of brand abuse can generate revenue in several ways.
    By presenting sponsored links as organic search results, the fake site earns click-through revenue more readily. By mixing other revenue-generating links into real search results, the brand abusers can hide their inorganic and even unrelated links amongst otherwise-high-quality results.
    Of course, by visually presenting its so-called search engine as a well-known brand, the fake site doesn't even look like a typosquat.'

    'More than 560 of the 1502 pages (37%) in our test made use of DoubleClick [hmm, Google's ownership?..], which serves numerous domain parking businesses, including Bodis, Oversee, Sedo and Demand Media. You'll probably recognise the look of parked domains from these companies, as they pop up all over the internet, not just on typosquatting sites.'

    'If you find yourself somewhere you didn't intend due to a fat-finger error, don't be tempted to click through from the unexpected page, even if what you are apparently offered is a link to your intended destination.

    At the very best, typosquats which lead to parked domains are just aiming to make money out of nothing, by capitalising on your errors.

    At worst, typosquatters are trying to give you a false sense of safety, with the intention of misleading you further into unintended and possibly risky online actions.'
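Added example, not part of the original post or the Sophos article: a sketch of the one-letter omit/mistype/add enumeration the quoted experiment describes, used here to build a watchlist that hostnames from DNS or proxy logs can be checked against. The function names and the sample hostnames are constructed for illustration. For the six brands it yields 2243 typo names, which together with the six correctly spelled names gives the 2249 quoted above.

```python
import string

ALPHABET = string.ascii_lowercase
# The six brands named in the quoted experiment.
BRANDS = ["facebook", "google", "twitter", "microsoft", "apple", "sophos"]


def one_char_typos(name):
    """Return every distinct string one alphabetic edit away from `name`."""
    variants = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])            # one letter omitted
        for c in ALPHABET:
            variants.add(name[:i] + c + name[i + 1:])    # one letter mistyped
    for i in range(len(name) + 1):
        for c in ALPHABET:
            variants.add(name[:i] + c + name[i:])        # one letter added
    variants.discard(name)  # substituting a letter with itself is not a typo
    return variants


def build_watchlist(brands):
    """Map each typo hostname (www.<variant>.com) to the brand it imitates."""
    watch = {}
    for brand in brands:
        for variant in one_char_typos(brand):
            watch[f"www.{variant}.com"] = brand
    return watch


def flag_lookalikes(hostnames, watch):
    """Return (hostname, brand) pairs for observed names on the watchlist."""
    hits = []
    for host in hostnames:
        key = host.strip().lower().rstrip(".")  # normalise case, trailing dot
        if key in watch:
            hits.append((key, watch[key]))
    return hits


# Constructed sample, shaped like hostnames pulled from a DNS or proxy log.
SAMPLE = ["www.google.com", "www.pple.com", "WWW.Facemook.com.",
          "www.twitterz.com", "www.example.com"]

if __name__ == "__main__":
    watch = build_watchlist(BRANDS)
    print(len(watch), "typo hostnames on the watchlist")
    for host, brand in flag_lookalikes(SAMPLE, watch):
        print(f"{host} is one letter away from {brand}")
```

Repeated letters are why the per-brand counts differ from a naive 26-per-position estimate: dropping either "p" of "apple" gives the same name, so the set keeps only one copy.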
