Typo squatting drives fraud sites up the Web charts

Fraudulent websites are becoming some of the more frequently visited sites on the Internet as a result of people mistyping the address of a legitimate site — in particular, Twitter, according to a report from Websense.

Operators of the fraudulent sites are “typo squatting,” registering likely misspellings of the URLs of popular sites, then luring fumble-fingered users to spam sites by offering them prizes.

The practice has been so successful that some of the fraudulent sites have turned up on Web analytics company Alexa’s global ranking list, http://www.alexa.com/topsites, with at least one making it into the top 250 most-visited sites worldwide in December 2011.


Websense’s research showed that the fraudsters had registered quite a few variations on the twitter.com URL, including ttwitter.com, twittter.com, twitter.com and twiter.com. (Other major Web traffic sites such as Google and Facebook have defensively registered common misspellings of their addresses to prevent these kinds of scams, but Twitter hasn’t, which makes it an easy target.)

When visitors accidentally go to these sites, they’re met with a message, often pretending to be from YouTube, promising an iPhone 4S, iPad 2 or Macbook Air as a prize for filling out a survey, Websense said. If the visitor clicks on the link, he or she is taken to a spam site.

One of those sites, video-rewardz.com, made it into Alexa’s top 250 at its peak on Dec. 19. (To give you an idea of how significant that is for a fraudulent site, Android.com, the official site for users, developers and partners of that OS, at this writing is 250th on the list. Dell.com is 276th, NBA.com is 295th and Time magazine’s time.com is 498th.)

Typo squatting has been around for a while, but spam operators stick with the practice because it gets results. When people type quickly, as any reader of texts, Twitter or Facebook can attest, mistakes are made. Likewise, a fair number of people seem to be unable to resist the promise of a free gadget.

Typo squatting’s close relative, doppelganger domains, is another tactic used to lure the unsuspecting to fraudulent sites. Such domains play with the periods in Web and e-mail addresses, such as registering “windowsmicrosoft.com” as a doppelganger for “windows.microsoft.com.” As a result, mistyped e-mail addresses could be misdirected to the wrong place.

Last year, Godai Group researchers set up doppelganger domains for all of the Fortune 500 companies and found that 151 of them were vulnerable to having e-mail misdirected. Over six months, they collected 120,000 e-mails amounting to 20G of data, including trade secrets, business invoices, employees’ personal information, network diagrams, user names and passwords.
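For administrators, both patterns described above (a one-keystroke misspelling such as twiter.com, and a dropped period such as windowsmicrosoft.com) can be checked for in proxy or mail-gateway logs. The following is an added example, not code from Websense or Godai Group; the list of protected names, the sample of observed names and the function names are assumptions made for illustration.

```python
from typing import Optional

# Constructed sample data; the domain names are the ones the article mentions.
PROTECTED = ["twitter.com", "windows.microsoft.com"]
OBSERVED = ["ttwitter.com", "twittter.com", "twiter.com", "twitter.com",
            "windowsmicrosoft.com", "video-rewardz.com"]

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Two adjacent characters swapped counts as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed: str, protected=PROTECTED) -> Optional[str]:
    """Return 'doppelganger:<host>', 'typo:<host>' or None for a hostname."""
    name = observed.lower().rstrip(".")
    if name in protected:
        return None
    for host in protected:
        # Doppelganger: a dot between labels was dropped (never the last dot,
        # which separates the top-level domain).
        dots = [i for i, c in enumerate(host) if c == "."][:-1]
        if any(host[:i] + host[i + 1:] == name for i in dots):
            return "doppelganger:" + host
    for host in protected:
        # Typo squat: one keystroke away (doubled, dropped, wrong or swapped key).
        if edit_distance(name, host) == 1:
            return "typo:" + host
    return None

def scan(observed=OBSERVED, protected=PROTECTED) -> dict:
    """Map each suspicious hostname to its finding; clean names are omitted."""
    hits = {d: classify(d, protected) for d in observed}
    return {d: hit for d, hit in hits.items() if hit}

if __name__ == "__main__":
    for domain, finding in scan().items():
        print(f"{domain:24} {finding}")
```

A hit is a candidate for defensive registration or a mail-gateway block rule, not proof of fraud, since unrelated legitimate names can also sit one character away from a protected one.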

The best way to avoid falling for these tricks, of course, is to just watch what you type and double-check it, particularly if it’s a Web or e-mail address. And beware of websites bearing “free” gifts.



About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

