Typosquatting gains ground


By SecurityAsia Editors | Dec 28, 2011

Sophos is cautioning computer users to be careful how they type, following the results of a Sophos study into the scale of 'typosquatting'.

Typosquatters register misspellings of popular websites in the hope of generating traffic from users making mistakes entering web URLs.
 
Sophos looked at typosquatting targeting its own website and those of Facebook, Google, Twitter, Microsoft and Apple. The study looked for registered websites for every single one-letter typo of the company name: one letter omitted (e.g. Sopos), one letter mistyped (e.g. Sphos), or one letter added (e.g. Ssophos).
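The three typo classes described above can be turned into a lookup table for checking hostnames seen in resolver or proxy logs against a name you want to protect. This is an added example, not Sophos's study tooling; the function names, the a-z-only alphabet, the single-label TLD handling and the `.example` hostnames are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_lowercase  # assumption: letters a-z only, as in the article's examples

def one_letter_typos(name):
    """Map every one-letter typo of `name` to the kind of slip that produces it."""
    name = name.lower()
    variants = {}
    for i in range(len(name)):                      # one letter omitted
        variants.setdefault(name[:i] + name[i + 1:], "omitted")
    for i, original in enumerate(name):             # one letter mistyped
        for c in ALPHABET:
            if c != original:
                variants.setdefault(name[:i] + c + name[i + 1:], "mistyped")
    for i in range(len(name) + 1):                  # one letter added
        for c in ALPHABET:
            variants.setdefault(name[:i] + c + name[i:], "added")
    return variants

def flag_lookalikes(hostnames, watched):
    """Return (hostname, brand, kind) for hosts whose registrable label is a one-letter typo."""
    tables = {brand: one_letter_typos(brand) for brand in watched}
    hits = []
    for host in hostnames:
        labels = host.lower().rstrip(".").split(".")
        if len(labels) < 2:
            continue
        label = labels[-2]  # assumption: single-label TLD (no public-suffix handling)
        for brand, table in tables.items():
            if label in table:
                hits.append((host, brand, table[label]))
    return hits

# Constructed sample of hostnames, e.g. pulled from resolver or proxy logs.
SAMPLE_HOSTS = [
    "sopos.example",
    "www.ssophos.example",
    "sophos.example",
    "mail.sophis.example",
    "unrelated.example",
]

if __name__ == "__main__":
    for host, brand, kind in flag_lookalikes(SAMPLE_HOSTS, ["sophos"]):
        print(f"{host}: one letter {kind} relative to {brand}")
```

Duplicate variants (for instance, inserting a letter before or after an identical letter) collapse to one entry, so the table size is the number of distinct names to watch rather than the raw number of edits.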
 
The study revealed that there is a significant typosquatting ecosystem around high-profile, often-typed domain names. A huge 86% of the possible one-letter misspellings of the Apple homepage led to typosquatting sites.
 
The highest proportion of the squatting sites - 15% - led to advertising sites.  Cybercriminals will register misspelled sites to make advertising revenue every time someone mistypes the name of a popular site.  12% were found to be IT & hosting pages - suggesting that they have been registered with the intention of being held onto and sold at a profit.  Of the 14,495 misspelled URLs looked at in the study, 738 (5.1%) were categorized by Sophos as cybercrime or adult
 
"It's so easy to mistype a URL, and it's inevitable that from time to time you will end up on an unintended website.  In the worst cases, careless typing can lead you to a criminal website designed to steal your identity or phish your credentials," said Graham Cluley, senior technology consultant, Sophos.  "A good idea is to bookmark your favourite websites rather than rely upon your fingers working correctly."

Comments


I was talking with Ryan Deiss about this and advertising can sometimes be done in a wrong way. On the other hand, people have to be careful about what websites they access online. Anyways, in the future, I don't think that such domains will be very profitable. People can use the auto-complete function that browsers offer.
