Typosquatting for Fun and Profit

Typosquatting, which is also known as URL hijacking, is a form of cybersquatting that targets Internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter or criminal hacker.

Typosquatters often create spoofed sites that may have the look and feel of the intended site. Operations like these may actually sell products and services that are in direct competition with the site you wanted to go to, or they may be a front to steal your credentials, including credit cards or social security numbers. Examples from Veralab might be “leson vs. lesson”, extra double characters such as “yahhoo vs. yahoo”, wrong character sequences such as “IMB vs. IBM”, or a wrong key pressed such as “fesex vs. fedex.”

In some cases the typosquatters employ phishing to get you to visit the site. Phishing, of course, is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Typosquatting and phishing go hand in hand.

SC Magazine reports “in most cybersquatting cases, the web address can be similar in appearance to the actual corporate site, but will instead contain pay-per-click advertisements, according to a 2007 McAfee report, which studied 1.9 million typographical variations of 2,771 of the most trafficked websites.”

Last year, scammers created a website imitating Twitter.com called tvvitter (that’s t-v-v-itter, cute huh?). They sent phishing emails to millions of users, many of whom clicked on the link contained within the emails, which sent them to the phishing site, where they entered their user names and passwords in order to log in.
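The typo classes listed earlier (a dropped letter, a doubled character, a swapped sequence, a wrong key) and the tvvitter lookalike can be checked for mechanically, for instance when reviewing links in inbound mail against the brands you care about. The Python below is an added example, not part of the original article; the brand list, sample domains, lookalike table and keyboard-adjacency approximation are constructed assumptions.

```python
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]             # QWERTY rows (approximate adjacency)
LOOKALIKES = {"vv": "w", "rn": "m", "0": "o", "1": "l"}   # small constructed table
BRANDS = ["lesson", "yahoo", "ibm", "fedex", "twitter"]   # names taken from the article
SAMPLE = ["tvvitter.com", "fesex.com", "twitter.com"]     # constructed sample input

def key_neighbors(ch):
    """Keys next to `ch` on the same or an adjoining keyboard row."""
    for r, row in enumerate(ROWS):
        if ch in row:
            c = row.index(ch)
            return {k for rr in ROWS[max(r - 1, 0):r + 2]
                    for k in rr[max(c - 1, 0):c + 2]} - {ch}
    return set()

def classify(candidate, brand):
    """Return the typo class that turns `brand` into `candidate`, or None."""
    if candidate == brand:
        return None                      # the real name is not a typo
    folded = candidate
    for fake, real in LOOKALIKES.items():
        folded = folded.replace(fake, real)
    if folded == brand:
        return "lookalike-characters"    # e.g. tvvitter -> twitter
    if len(candidate) == len(brand) + 1:
        for i in range(len(candidate)):
            if candidate[:i] + candidate[i + 1:] == brand:
                doubled = candidate[i] in candidate[max(i - 1, 0):i] + candidate[i + 1:i + 2]
                return "doubled-character" if doubled else "extra-character"
    if len(candidate) == len(brand) - 1:
        if any(brand[:i] + brand[i + 1:] == candidate for i in range(len(brand))):
            return "missing-character"
    if len(candidate) == len(brand):
        diff = [i for i, (a, b) in enumerate(zip(candidate, brand)) if a != b]
        if len(diff) == 2 and diff[1] == diff[0] + 1:
            i, j = diff
            if candidate[i] == brand[j] and candidate[j] == brand[i]:
                return "transposed-characters"
        if len(diff) == 1:
            near = candidate[diff[0]] in key_neighbors(brand[diff[0]])
            return "adjacent-key" if near else "wrong-character"
    return None

def scan(domains, brands):
    """Flag domains whose second-level label is one typo away from a brand."""
    hits = []
    for d in domains:
        label = d.lower().rstrip(".").split(".")[-2]   # assumes plain name.tld form
        hits += [(d, b, t) for b in brands if (t := classify(label, b))]
    return hits
```

Calling `scan(SAMPLE, BRANDS)` flags the two lookalike domains and leaves the genuine one alone. Multi-part suffixes such as `.co.uk` would need a Public Suffix List lookup in place of the simple split.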

When doing a search online, look carefully at any links you click.

When typing in a browser, before hitting “enter,” look at the address bar to confirm you spelled it properly.

Do business with e-tailers you are familiar with and carefully spell their domain.

Set up your favorites menu with your most visited sites.

So heads up, be careful out there and don’t get hooked.

Robert Siciliano, personal security expert to Home Security Source, discussing burglar proofing your home on Fox Boston. Disclosures.