Be careful while typing URLs as misspelling may take you to a typosquatting website

Moneylife Digital team 20 December 2011

Typosquatters register misspellings of popular websites in the hope that they will be able to make money out of traffic from unintentional typing mistakes made by internet surfers

In case you are one of the people who prefer to type a complete URL while surfing the Internet, here is a warning from IT security and control firm Sophos. It says one needs to be very careful while typing URLs otherwise you may be led to typosquatting websites like adult sites or phishing sites. Typosquatters register misspellings of popular websites in the hope that they will be able to make money out of traffic from unintentional typing mistakes made by internet surfers, the report added.

“It's so easy to mistype a URL, and it’s inevitable that from time to time you will end up on an unintended website. In the worst cases, careless typing can lead you to a criminal website designed to steal your identity or phish your credentials. A good idea is to bookmark your favourite websites rather than rely upon your fingers working correct,” said Graham Cluley, senior technology consultant at Sophos.

According to a study conducted by Sophos, there is a significant typosquatting ecosystem around high-profile, often-typed domain names. A huge 86% of the possible one letter misspellings of the Apple homepage led to typosquatting sites.

Sophos said it looked at typosquatting targeting its own website and those of Facebook, Google, Twitter, Microsoft and Apple. The study looked for registered websites for every single one letter typo of the company name: one letter omitted (e.g. Sopos), one letter mistyped (e.g. Sphos), or one letter added (Ssophos).

Of the 14,495 misspelled URLs looked at in the study, 738 or 5.1% were categorized by Sophos as cybercrime or adult. The former should always be blocked; the latter should be blocked at least in the workplace or around children, the security firm said.

The highest proportion of the squatting sites, 15% led to advertising sites. Cybercriminals will register misspelled sites to make advertising revenue every time someone mistypes the name of a popular site. Around 12% were found to be IT & hosting pages—suggesting that they have been registered with the intention of being held onto and sold at a profit, which is also known as ‘domain parking’, the report said.

Another important factor that makes people to type the URLs, is security concern related with clicking on a link, which is good thing. In addition majority of people even try to type the http or www and .com besides the URL. This can be avoided by using a shortcut. One should type the URL (like Google) and then press ‘control+enter’ buttons. This automatically adds the required http, www and .com in the URL.

Comments

User

Narendra Doshi

1 decade ago

In one of your recent articles (10 to 50 days ago) it was mentioned that one should ALWAYS type the URL for greater security and avoid password etc getting decoded easily.
Please define the % of risk in either case to enable decide which to use.

MDT

Replied to Narendra Doshi comment 1 decade ago

Thanks Mr Doshi. We had said that one should avoid clicking on links from a search engine result, especially for using finanacial services online and should instead type the complete URL in the address bar. At the same time one should be careful while typing the URL and check before clicking the go button or pressing 'enter' button as wrong spelling may take you to wrong website that may not have good intention.