The security risk of fat fingers

There are, according to the largest domain registrar VeriSign, some 215 million domain names on the internet, a figure that grew by some five million in the second quarter of 2011 and is up 8.6% over the previous year.

With so many domains, and with the devices we use to access them becoming ever smaller, the chances of making a spelling mistake when typing in a web address are becoming ever greater, especially for those of us cursed with fat fingers and failing eyesight.

Of course, typos are something of a mixed blessing online. On the upside, bargains can be had at auction sites such as eBay when a seller misspells an item name so that it sneaks under your competitors’ search radar.

The downside of typos is exploited by those unscrupulous folk who set up sites with names that are common misspellings of major brand names. Such brand-traffic hijacking is far easier to achieve by using so-called “typosquatting” than it is by the older trick of cybersquatting.

To pull off a successful cybersquat you have to somehow actually acquire the domain name of a target brand, which isn’t too easy if your heart is set upon grabbing traffic heading for, let’s say, YouTube – it’s rather unlikely that anyone at Google HQ is going to forget to pay the registration renewal fee for www.youtube.com any time soon, and it’s equally far-fetched (or so one would like to hope) that the YouTube site could be vulnerable to any kind of DNS diversion or hijacking.

That’s where typosquatting comes in: it isn’t merely likely but a damn-near statistical certainty that the many thousands of people around the world typing “youtube.com” into their web browser address bar every day are going to make a slip; all the bad guys have to do is register a bunch of domains that, in their opinion, are the most likely to catch such mistakes.

It’s easy to imagine someone typing “microsfot” or “microdoft” instead of “Microsoft”, and “youttube” instead of “youtube”, for example.
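The three slips above (swapped letters, a neighbouring key, a doubled letter) can be checked for mechanically when reviewing hostnames seen in proxy or DNS logs. The following Python sketch is an added example, not part of the original article; the brand list, the `.example` hostnames, the row-only QWERTY neighbour map and the naive hostname splitting are all assumptions made for illustration.

```python
# Added example: classify a hostname as a one-slip typo of a protected brand.
# BRANDS, the sample hosts and the row-only QWERTY map are assumptions.
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
ADJ = {}
for row in QWERTY_ROWS:
    for i, ch in enumerate(row):
        ADJ[ch] = set(row[max(0, i - 1):i] + row[i + 1:i + 2])

BRANDS = ["microsoft", "youtube"]

def classify(label, brand):
    """Return the kind of single typing slip turning brand into label, or None."""
    if label == brand:
        return None
    if len(label) == len(brand):
        d = [i for i in range(len(brand)) if label[i] != brand[i]]
        if len(d) == 1:
            near = label[d[0]] in ADJ.get(brand[d[0]], set())
            return "adjacent-key substitution" if near else "substitution"
        if (len(d) == 2 and d[1] == d[0] + 1
                and label[d[0]] == brand[d[1]] and label[d[1]] == brand[d[0]]):
            return "transposition"
    elif len(label) == len(brand) + 1:
        for i in range(len(label)):
            if label[:i] + label[i + 1:] == brand:
                doubled = label[i] in (label[i - 1:i] + label[i + 1:i + 2])
                return "doubled letter" if doubled else "insertion"
    elif len(label) == len(brand) - 1:
        if any(brand[:i] + brand[i + 1:] == label for i in range(len(brand))):
            return "omitted letter"
    return None

def brand_label(host):
    """Naive registrable label: the one left of the TLD (no public-suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def scan(hosts, brands=BRANDS):
    """Return (host, brand, kind) for every host one slip away from a brand."""
    pairs = ((h, b, classify(brand_label(h), b)) for h in hosts for b in brands)
    return [p for p in pairs if p[2]]

# Constructed sample, standing in for hostnames pulled from proxy or DNS logs.
SAMPLE = ["www.youtube.com", "youttube.example", "microsfot.example",
          "microdoft.example", "intranet.example"]
```

Calling `scan(SAMPLE)` reports the three look-alike hosts with the kind of slip each represents and leaves the genuine and unrelated hostnames alone.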

Advertising returns

Why bother? Well, these bad guys are gambling on the fact that enough people will enter the appropriate misspelled name and so find themselves at either some cleverly cloned version of the real site, which is collecting advertising revenue – or, much more likely (since it’s a far cheaper option), at an “online survey” page that they assume is being operated in association with the brand they were expecting to arrive at.

It could be a page that’s offering a nice iPad or similar as a potential prize, but is in fact set up to harvest their personal data, which can then be sold on for a nice profit.

One survey site employing such typosquatting tactics was discovered by security researchers to actually be attempting to get participants to subscribe to an auto-renewing and chargeable SMS text alert service: a nice little earner operating off the back of brand misappropriation and fat-finger syndrome. You have been warned!
