Check Your Spelling When Browsing

Posted on: 05 January 2009 by Gareth Hargreaves

Mistyped URLs can land you in hot water explains Greg Day from computer security firm McAfee.

Just when you thought you were on top of the online risks another threat presents itself.

Twenty years ago we learnt that infected floppy disks could spread viruses so we learned how to deal with that. Then we became used to social engineering techniques and stopped clicking on every link or file we were sent.

But the evolution of threats didn’t stop there and we have since been learning to deal with spam, phishing and other online scams, to make sure that our personal information is not being targeted.

So What Is Typosquatting?

Also known as URL hijacking, typosquatting relies on mistakes made by internet users when inputting a website address into a web browser.

Should a user accidentally enter an incorrect website address, they may be led to an alternative site owned by malicious-minded internet fiends.

However, that’s not the end of it as even our own spelling errors can land us in trouble, with typosquatters just waiting for us to make mistakes.

In fact, a typical person misspelling a popular URL has a 1 in14 chance of landing at a typo-squatter site.

These sites – run by the typosquatters – then generate click-through advertising revenue, lure unsuspecting consumers into scams, harvest email addresses in order to flood unsuspecting internet users with unwanted email and can even result in malware infections.

This just goes to show that when it comes to keeping yourself secure on the internet, it’s an ever-moving target and there is a real need to continuously question the validity of sites and sources in order to maintain your internet safety.

The use of URLs that look like the real thing but are in fact far from it should come as no real surprise. Just as phishing emails replicate valid messages from banks and the perpetrators of malware attempt to make you download a file by claiming it is something that will appeal to you, the bad guys out there know what the average internet user is interested in and what will appeal to the greatest number of surfers.

Protect Yourself

  • Take extra care when typing, especially with URLs that are long or difficult to spell.
  • Ask yourself a few questions about the site you're on. Are there paid ads on the site? If the site you want to visit is a government site, does the URL end in .gov rather than .com, for example?
  • Use SiteAdvisor to help you quickly identify and avoid typosquatter sites.
  • Use a search engine that provides alternatives such as “Did you mean …” with the probable correct spelling and resulting search list, such as Google.

This tactic is no different to physical retailers trying to pass off fake goods as something altogether more legitimate. It’s important to learn what to look out for, as at worst, typosquatting can lead to innocent computer users becoming the victims of online scams or “get rich quick” tricks.

If your business has an online presence, the danger is that your customers may unwittingly be lured from your site to one that may well look similar at first glance but is far from it.

A recent example of a brand that has been targeted by typosquatters is the iPhone – although it was released fairly late in 2007, it was predicted that by the end of that year there would be approximately 8,000 URLs using “iPhone”. Gaming sites and airline sites also emerged as being highly squatted.

So with the way that online villains constantly change approach to try to trick us, how can we maintain good security and protect our identity?

Well the reality is that those bad guys are always trying to stay one step ahead of us but we don’t need to let them. The bottom line is that if you’re not sure of the URL you’re looking for; you’re far safer using a search engine than trying to make a guess.

If we stay alert, are careful with the information we share and the websites we visit, and also use security technology to block or highlight risks, there is no reason why we can’t continue to get the most out of the internet.

With the right approach, the internet can continue to play a pivotal role in our lives and we can protect our friends and families from those who will continue to try to trick us.

Have you been a victim of typosquatters? Have you come across a typo-squatter site?

If so, let us know by leaving a comment in the box below or share your thoughts with other readers in the 50connect forums.

Share with friends


You need to be signed in to rate.