Typosquatting - what happens when you mistype a website name? - topic for you ..

Typosquatting - what happens when you mistype a website name?: on Naked Security

'The experiment:
We chose six domains: Facebook, Google, Twitter, Microsoft, Apple and, while we were about it, Sophos.

To keep things simple but representative, we limited ourselves to typos of one alphabetic character in the company name: one letter omitted, one letter mistyped, or one letter added. Typos involving numbers or punctuation marks were ignored.

We generated all possible one-character mistakes in the w w form of the above six domains. That produced 2249 unique site names, from w w, through w w, to w w'

'Microsoft typosquats were at 61%, Twitter 74%, Facebook 81%, Google 83% and Apple at 86%. Clearly, there is a significant typosquatting ecosystem around high-profile, often-typed domain names.'

'Google was the most commonly-abused brand, since it is trivial for a third-party site to present a Google-like search page and to use Google's search engine behind the scenes.'
'This sort of brand abuse can generate revenue in several ways.
By presenting sponsored links as organic search results, the fake site earns click-through revenue more readily. By mixing other revenue-generating links into real search results, the brand abusers can hide their inorganic and even unrelated links amongst otherwise-high-quality results.
Of course, by visually presenting its so-called search engine as a well-known brand, the fake site doesn't even look like a typosquat.'

'More than 560 of the 1502 pages (37%) in our test made use of DoubleClick [hmm, Google's ownership?..], which serves numerous domain parking businesses, including Bodis, Oversee, Sedo and Demand Media. You'll probably recognise the look of parked domains from these companies, as they pop up all over the internet, not just on typosquatting sites.'

'If you find yourself somewhere you didn't intend due to a fat-finger error, don't be tempted to click through from the unexpected page, even if what you are apparently offered is a link to your intended destination.

At the very best, typosquats which lead to parked domains are just aiming to make money out of nothing, by capitalising on your errors.

At worst, typosquatters are trying to give you a false sense of safety, with the intention of misleading you further into unintended and possibly risky online actions.'
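An added example, not part of the post or of the Sophos article: it enumerates the one-letter typos described in the experiment (one letter omitted, mistyped, or added) for the six brand names and uses the result to flag lookalike names in DNS or proxy logs. It works on the bare company name rather than the full site name, and the function names and `.example` hostnames are constructed for illustration.

```python
import string

BRANDS = ["facebook", "google", "twitter", "microsoft", "apple", "sophos"]
LETTERS = string.ascii_lowercase  # alphabetic typos only, as in the experiment


def one_char_typos(name):
    """Map every one-letter typo of `name` to the kind of mistake behind it."""
    typos = {}
    for i in range(len(name) + 1):          # one letter added
        for c in LETTERS:
            typos[name[:i] + c + name[i:]] = "added"
    for i in range(len(name)):
        typos[name[:i] + name[i + 1:]] = "omitted"   # one letter omitted
        for c in LETTERS:                   # one letter mistyped
            if c != name[i]:
                typos[name[:i] + c + name[i + 1:]] = "mistyped"
    return typos


# Reverse index: typo -> (brand, kind). Using a dict collapses duplicates
# such as the two ways of dropping an "o" from "google".
INDEX = {t: (b, k) for b in BRANDS for t, k in one_char_typos(b).items()}


def classify(hostname):
    """Return (brand, kind) if a DNS label is a one-letter typo, else None."""
    for label in hostname.lower().rstrip(".").split("."):
        if label in INDEX:
            return INDEX[label]
    return None


# Constructed sample hostnames, standing in for names seen in resolver logs.
SAMPLE_HOSTS = [
    "www.google.example",     # correct spelling, not flagged
    "www.gogle.example",      # letter omitted
    "mail.twittter.example",  # letter added
    "www.sophoz.example",     # letter mistyped
]

if __name__ == "__main__":
    # 2243 variants; with the six correct names that is 2249.
    print(len(INDEX), "variants,", len(INDEX) + len(BRANDS), "with originals")
    for host in SAMPLE_HOSTS:
        print(host, "->", classify(host))
```

One-letter variants include ordinary words ("apply" and "ample" are both one letter away from "apple"), so a match is a lead to review, not proof of typosquatting.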