Typosquatting: A Serious But Avoidable Type of Cybercrime

Accidentally transposing two letters is all it might take to become a typosquatting victim. Find out what typosquatting is and how to avoid becoming a victim.

If you use the Internet regularly, you probably have made a typo or two when entering web addresses in your browser. Typosquatters would like to see you make many more of them. That’s because they profit from people incorrectly entering Uniform Resource Locators (URLs) in web browsers.

Typosquatting Explained

Typosquatting, also known as URL hijacking, takes advantage of the fact that people make typographical errors when manually entering URLs in a web browser. Typosquatters buy domains that are slight misspellings of popular websites (e.g., “goggle.com”) in hope that people will accidentally mistype the real site’s URL and land on their site. What they do with those sites varies. Sometimes they spoof the legitimate site. Their goal is to make the typosquat site look and feel like the real one so that visitors don’t realize they are on a fake site. Typosquatters might, for example, spoof a banking site and use the fake site to steal login credentials and financial account information. Or they might replicate a search site to earn undeserved click-through revenue or a spoof tech store to carry out bait-and-switch schemes.

According to a Sophos research study, the top five types of typosquat sites are:

1. Advertising and popup sites
2. IT and hosting sites
3. Search sites
4. Sites associated with cybercrimes such as phishing, hacking, and spamming
5. Adult or dating sites

Avoid Typos So You Don’t Become a Victim

Accidentally transposing two letters or adding an extra one is all it might take to become the next victim of typosquatting. Here are several actions you can take so that you don’t mistype web addresses:

• Bookmark (or pin) the websites you regularly visit. Clicking a bookmark is not only safer but also quicker than manually entering a web address.
• List the web addresses of sites you occasionally visit (but don’t want to bookmark) in a text or word processing file. When you want to visit one of those sites, simply open the file, copy the address, and paste it in your browser’s address bar.
• Perform a search for the site you want to visit and click the link to the desired site from the search results.
• Double-check any web addresses you manually input into the address bar before pressing the “Enter” button. It only takes a few seconds. Catching a typo now can save you a lot of hassle later.

Keyboard flickr photo by matsuyuki shared under a Creative Commons (BY-SA) license