“Typosquatting” Can Mean Trip to Surprising, Unpleasant Web Sites
In getting to Web sites, neatness counts. If you type in the wrong Web address, you might be in for a surprise.
You could be taken to a site run by a business that competes with the site you were trying to get to, to a rogue site that lampoons the intended site, to a porn site that tricks you or your children into its seediness, or to a spam or phishing site that steals your e-mail address, your money, or your identity.
This phenomenon goes by the names “typosquatting” and “URL hijacking.” A new study by McAfee, a maker of computer security software, sheds some interesting light on it (www.mcafee.com/typosquatters). Among its findings:
- If you misspell a popular URL (Uniform Resource Locator), or Web address, you have about a 1-in-14 chance of landing at a typosquatter site.
- The five most highly squatted categories are game sites such as miniclip.com, runescape.com and minijuegos.com, airline sites such as ryanair.com, united.com and lufthansa.com, mainstream media sites such as vh1.com, globo.com and qvc.com, dating sites such as plentyoffish.com, true.com and singlesnet.com, and technology and Web 2.0 sites.
- Sites for children and teens such as webkinz.com, clubpenquin.com and neopets.com are also heavily targeted. Some of the trick sites are designed to expose children to pornography.
Among the more celebrated examples of typosquatting have involved the Web search site Google and the user-written Web encyclopedia Wikipedia. By mistyping www.google.com as www.goggle.com, users were taken to the site of a rogue software maker that automatically downloaded spyware to their computers.
Wikipedia endured a similar experience. By mistyping www.wikipedia.org as www.eikipedia.org, www.wilipedia.org or www.wikipedi.com, or by mistyping en.wikipedia.org as en.wiipedia.org, en.wikipedi.org or en.wikipediia.org, users were directed to sites with pop-up ads, spyware downloads and ad-generating Web directories.
Typosquatters bank on the fact that people make simple typing mistakes, misspell words, add an “s” to make a name plural when it shouldn’t be, and get the top-level domain wrong by typing “com” instead of “org,” for example.
“Typosquatting illustrates the Wild West mentality that remains dominant in major portions of the Internet,” says Jeff Green, a McAfee senior vice president. “Even at its most benign, this practice takes consumers to places they never intended and penalizes legitimate businesses by siphoning customers away.”
One common technique used by typosquatters is to profit from click-through ad revenue. Legitimate ad syndication services affiliated with Google and other search sites enable typosquatters to make money by tricking people into coming to their sites, where revenue-generating ads are displayed.
Another, more nefarious, technique is to continue the ruse by tricking people into thinking they’re at the real site, using copied logos, page layouts and content. When you then type in credit card, Social Security and other sensitive data, the criminals use that data to steal your money and your identity.
Typosquatting isn’t a new phenomenon, but it is increasing in frequency, judging by the number of cases filed with the World Intellectual Property Organization’s arbitration system (www.wipo.int/amc/en/domains). This is one remedial method available to sites whose addresses have been copied.
Another method is to send, or have your lawyer send, a cease and desist letter or e-mail to the typosquatting site, which is more effective if the copying was innocent rather than venal. In some cases these disputes wind up in court.
Some companies try to prevent typosquatting by registering or buying a few or many different Web addresses similar to theirs, then automatically redirecting all the variants to the correct Web site.
Internet service providers (ISPs) such as Earthlink and Web search sites such as Google now include features that automatically suggest the proper spelling of commonly misspelled addresses of popular Web sites.
Such automated protection can be controversial. ISPs and search sites often display ads based on their interpretation of the address of the intended site, and they profit from this in the same way as typosquatters. Paxfire (www.paxfire.com), a company in Reston, Va., offers software to ISPs that redirects mistyped Web addresses, with the ad revenue generated then split between Paxfire and the ISP.
Yet such ads are much less problematic than the criminal Web sites these services protect you against.
For additional protection, software such as McAfee’s SiteAdvisor, which is part of McAfee’s Internet Security Suite software, warns you about any site that triggers its typosquatting criteria. The SiteAdvisor protection is also available for free as a stand-alone package (us.mcafee.com).
One last way to thwart typosquatting: Take care in typing any new Web address into your browser’s address line.