Typo squatting drives fraud sites up the Web charts
- By Kevin McCaney
- Jan 12, 2012
Fraudulent websites are becoming some of the more frequently visited sites on the Internet as a result of people mistyping the address of a legitimate site — in particular, Twitter, according to a report from Websense.
Operators of the fraudulent sites are “typo squatting,” registering likely misspellings of the URLs of popular sites, then luring fumble-fingered users to spam sites by offering them prizes.
The practice has been so successful that some of the fraudulent sites have turned up on Web analytics company Alexa’s global ranking list, http://www.alexa.com/topsites, with at least one making it into the top 250 most-visited sites worldwide in December 2011.
Websense’s research showed that the fraudsters had registered quite a few variations on the twitter.com URL, including ttwitter.com, twittter.com, twitter.com and twiter.com. (Other major Web traffic sites such as Google and Facebook have defensively registered common misspellings of their addresses to prevent these kinds of scams, but Twitter hasn’t, which makes it an easy target.)
When visitors accidentally go to these sites, they’re met with a message, often pretending to be from YouTube, promising an iPhone 4S, iPad 2 or MacBook Air as a prize for filling out a survey, Websense said. If the visitor clicks on the link, he or she is taken to a spam site.
One of those sites, video-rewardz.com, made it into Alexa’s top 250 at its peak on Dec. 19. (To give you an idea of how significant that is for a fraudulent site, Android.com, the official site for users, developers and partners of that OS, at this writing is 250th on the list. Dell.com is 276th, NBA.com is 295th and Time magazine’s time.com is 498th.)
Typo squatting has been around for a while, but spam operators stick with the practice because it gets results. When people type quickly, as any reader of texts, Twitter or Facebook can attest, mistakes are made. Likewise, a fair number of people seem to be unable to resist the promise of a free gadget.
Typo squatting’s close relative, doppelganger domains, is another tactic used to lure the unsuspecting to fraudulent sites. Such domains play with the periods in Web and e-mail addresses, such as registering “windowsmicrosoft.com” as a doppelganger for “windows.microsoft.com.” As a result, mistyped e-mail addresses could be misdirected to the wrong place.
Last year, Godai Group researchers set up doppelganger domains for all of the Fortune 500 companies and found that 151 of them were vulnerable to having e-mail misdirected. Over six months, they collected 120,000 e-mails amounting to 20G of data, including trade secrets, business invoices, employees’ personal information, network diagrams, user names and passwords.
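As an added example (not code from Websense, Godai Group or this article), the Python below generates the two kinds of look-alike described above, single-letter misspellings such as twiter.com and dropped-dot doppelgangers such as windowsmicrosoft.com, so a site owner can register them defensively, as the article says Google and Facebook do, or flag them when they show up in a feed of newly registered domains. The protected and observed domain lists are constructed for the demonstration.

```python
def typo_variants(domain: str) -> set[str]:
    """Single-edit misspellings of a two-label domain (label.tld).

    Covers the patterns in the Twitter case: a dropped letter (twiter.com),
    a doubled letter (ttwitter.com, twittter.com) and two adjacent letters
    swapped (twtiter.com). Multi-part suffixes such as co.uk are not handled.
    """
    label, _, suffix = domain.lower().partition(".")
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                            # omission
        variants.add(label[:i] + label[i] + label[i:])                     # repetition
        if i + 1 < len(label):
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # swap
    variants.discard(label)  # swapping the two t's in "twitter" gives the real name back
    variants.discard("")
    return {f"{v}.{suffix}" for v in variants}


def doppelganger_variants(fqdn: str) -> set[str]:
    """Doppelganger domains drop the dot between a subdomain and its parent,
    so windows.microsoft.com becomes windowsmicrosoft.com. The registrable
    label is never merged with its TLD, since that is not a domain at all."""
    parts = fqdn.lower().split(".")
    return {".".join(parts[:i] + [parts[i] + parts[i + 1]] + parts[i + 2:])
            for i in range(len(parts) - 2)}


def flag_lookalikes(protected: list[str], observed: list[str]) -> dict[str, str]:
    """Map each observed domain that is a look-alike of a protected name to
    that name. `observed` would come from a registrar or passive-DNS feed of
    newly seen domains; here it is a constructed list."""
    lookup: dict[str, str] = {}
    for name in protected:
        registrable = ".".join(name.split(".")[-2:])   # squatters register label.tld
        for v in typo_variants(registrable) | doppelganger_variants(name):
            lookup.setdefault(v, name)
    return {d: lookup[d.lower()] for d in observed if d.lower() in lookup}


# Constructed sample input; not data from the Websense or Godai Group reports.
PROTECTED = ["twitter.com", "windows.microsoft.com"]
OBSERVED = ["ttwitter.com", "twiter.com", "windowsmicrosoft.com", "micrsoft.com", "example.org"]

if __name__ == "__main__":
    for bad, real in sorted(flag_lookalikes(PROTECTED, OBSERVED).items()):
        print(f"{bad:22} imitates {real}")
```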
The best way to avoid falling for these tricks, of course, is to just watch what you type and double-check it, particularly if it’s a Web or e-mail address. And beware of websites bearing “free” gifts.
Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.