If you are as typographically challenged as I am, or if your fingers are just too darn big and meaty to type properly on a smartphone or mobile device (as mine are), there's a good chance that you've already come into contact with the unsavoury online practice known as typosquatting.
The premise of typosquatting is simple: an opportunistic or malicious individual or web service sets up a website that is similar in typographic appearance to another popular website. This fake site then benefits from visits accrued by way of spelling errors, typos or misconceptions made when attempting to enter the legitimate website's address into the web browser.
Typosquatters have a number of techniques in their toolkit to fool unwary cyber travellers, and the consequences can be far reaching. If the victim is fortunate, they'll just waste a few minutes clicking through a series of harmless advertisements before they realise their mistake. Less fortunate souls, however, can potentially put themselves at far greater risk by entering personal details into a phishing website or infecting their computer with malware.
How to spot typosquatting
When we go online, whether it is for leisure, business or otherwise, we expect to be connected to the product, service or information that we're looking for. Typosquatting preys on this expectation and will typically target websites from:
- Large companies with globally recognised brand names, such as Microsoft, Apple and Coca-Cola.
- Large companies with names that are harder to spell or are derived from foreign words, such as Lufthansa or Lego.
Typosquatters have a number of different techniques for targeting these sorts of websites, so to minimise your risk of falling prey to typosquatting, we've put together a dossier of common typosquatter variants that we think you should acquaint yourself with:
Variant #1: The Dodgy English Tutor
The most common variant of typosquatter, the Dodgy English Tutor, spends all their time surfing grammar websites, using anagram builders to cheat at online scrabble and, of course, typosquatting.
For example:
- Typosquatter URL = http://www.theindependent.com/
- Legitimate URL = http://www.theindependant.com/
If you know you have a problem with a particular word or set of words (I can never spell "privilege" without a dictionary), always search for the website you're looking for in your favourite search engine instead of typing it into the address bar. Your friendly search engine will usually gently enquire as to whether you really meant to misspell the word and offer you a list of results based on the correct spelling.
Variant #2: Tiny Keypad Typosquatter (TKT)
TKT has great big sausagy fingers and has never gotten around to upgrading whichever old, undersized smartphone they use to get around online. And, when they actually manage to get in front of a PC with a normal sized keyboard, they become over-excited and type too quickly. TKT takes advantage of typos, incorrect letter patterns and double keystrokes to fool their prey.
- Typosquatter URLs = http://www.smasung.com/ or http://www.zamsung.com/
- Legitimate URL = http://www.samsung.com/
Variant #3: Brand Police Typosquatter (BPT)
BPTs target websites which are built around ambiguous company names or weak branding that has yet to be properly burnt into the collective consumer consciousness. BPT will most often play on the existence or non-existence of a plural "s" at the end of the brand (for example, despite the fact that I am employed by AVG, my mother still chooses to refer to "Norton" as "Nortons").
- Typosquatter URL = http://www.nortons.com/ (sorry, Mum!)
- Legitimate URL = http://www.avg.com.au/ - just kidding, it's actually http://www.norton.com/
Variant #4: DotCom Deviant
The DotCom Deviant is an expert on purchasing and squatting on different top-level domain combinations (i.e. .com, .com.au, .co, .net, .org). The temptation to always use the ubiquitous ".com" domain suffix is dangerous, as many companies and organisations are entitled to use ".org" or ".net". Many companies will try to combat the DotCom Deviant by simply buying up all possible combinations themselves and redirecting visitors to the correct site, but you should always be aware that "usopen.org" and "usopen.com" (for example) are technically completely different web locations.
- Typosquatter URL = http://www.twitter.org/
- Legitimate URL = http://www.twitter.com/
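The four variants above can be told apart mechanically, which is useful for checking a typed address against a list of trusted bookmarks. The following is an added example, not part of the original article; the function names, the QWERTY neighbour model and the simple "first label is the brand" host split are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Staggered QWERTY letter rows; POS maps each key to (row, column).
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def adjacent_keys(a, b):
    """True if keys a and b touch on the keyboard."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = sorted([POS[a], POS[b]])
    if r1 == r2:
        return c2 - c1 == 1
    return r2 - r1 == 1 and c2 in (c1 - 1, c1)

def split_host(url):
    """'http://www.samsung.com/' -> ('samsung', 'com'). Assumption: the first
    label after 'www.' is the brand name (no Public Suffix List lookup)."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host[4:] if host.startswith("www.") else host
    name, _, suffix = host.partition(".")
    return name, suffix

def classify(typed, trusted):
    """Name the article's variant that turns `trusted` into `typed`, else None."""
    t, t_tld = split_host(typed)
    g, g_tld = split_host(trusted)
    if t == g:
        return "exact match" if t_tld == g_tld else "variant 4: different TLD"
    if t == g + "s" or t + "s" == g:
        return "variant 3: plural s"
    if len(t) == len(g):
        diff = [i for i in range(len(g)) if t[i] != g[i]]
        if len(diff) == 1:
            near = adjacent_keys(t[diff[0]], g[diff[0]])
            return "variant 2: adjacent key" if near else "variant 1: misspelling"
        if len(diff) == 2 and diff[1] - diff[0] == 1 and t[diff[0]] == g[diff[1]] \
                and t[diff[1]] == g[diff[0]]:
            return "variant 2: swapped letters"
        return None
    short, long_ = sorted([t, g], key=len)
    for i in range(len(long_)):  # try deleting each character of the longer name
        if long_[:i] + long_[i + 1:] == short:
            doubled = long_[i] in long_[i - 1:i] + long_[i + 1:i + 2]
            return "variant 2: double keystroke" if doubled else "variant 1: misspelling"
    return None
```

Any result other than "exact match" or None means the typed address is one slip away from a trusted one and deserves a second look before you press Enter.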
How to protect yourself against typosquatting
Levity aside, we realise that the average online traveller doesn't go online with the specific purpose of spotting and avoiding different types of online fraud. Fortunately, there are some easy-to-follow rules of thumb that you should make part of your everyday web-surfing habits:
1. If in doubt, use a search engine. No one business is completely immune to typosquatting. Bookmark your favourite search engine or have it as your home page and use it to search for any web address that you're not absolutely sure of.
2. Take your time. Think of the address bar as the slow-lane. You've potentially only got one chance to get it right and your trusty browser auto-correct feature won't save you here!
3. Use bookmarks. Most browsers support bookmarks with the CTRL+D keyboard combination. Bookmark any site you use regularly, such as online banking, webmail, or news services.
4. Report typosquatting sites to the company they are targeting. Typosquatters deprive legitimate companies of revenue and often damage their online reputation. If you take a bit of extra time to report typosquatters to these companies (most will have a "contact us" link on their home page), it is in their best interests to get the typosquatters shut down and prevent them from harming any of your fellow web travellers.
Have you fallen victim to typosquatting before? If so, what was the site you were trying to access? We'd love to hear about your typosquatting experiences in the comments section below or on our Facebook page!
Source: http://resources.avg.com.au/security_risks/typosquatting/