Typosquatting Blog Post

Watch Out for Typosquatting


By Carrie Kerskie, Director of the Identity Fraud Institute

Scammers are well aware that people are prone to typographical errors. Our inability or unwillingness to proofread what we type could lead to great harm: not physical harm, but harm to our privacy, all due to typosquatting. Typosquatting occurs when someone intentionally registers misspellings of popular web addresses with the intent to profit from typographical errors. Typosquatting is done to confuse the consumer. The confusion could be intentional or unintentional.

Typosquatting can also occur to the right of the company name in the URL, in the domain ending. Instead of .com it may say .co, .cm or .om. The intent is to make you think you are on the legitimate website. The same technique is commonly used in the sender address of phishing emails. To better illustrate typosquatting, here are a few examples of previously known typosquatted websites.

Twitter vs Twtter

Just in case you missed it, go back and read this section title. Did you notice that one of them is missing the letter “i”? The Twtter website was created to look exactly like the Twitter website. It even had advertising for contests to win iPads or MacBooks. Unfortunately, individuals who fell for the fake website and entered the contest ended up exposing their credit card and sensitive information.

Apple vs Appl

Apple.com is the legitimate website to buy Apple products. However, appl.com sells fake Apple products. If you purchased from this site, what you thought was a genuine MacBook Pro ended up being junk. The site also had a link to iTunes but instead of registering for an iTunes account, you would have ended up registering for a service that would send SMS messages to your cell phone.

Passport Application

Imagine applying for a United States passport online only to discover that you were on the wrong website the entire time. There are numerous fake websites that appear to be the official online passport application website. Their intent is to obtain your credit card and sensitive information for identity theft or other types of fraud. Just remember that websites for government agencies end in .gov. If you are on a .com website, you should call the governmental agency to verify if it is a valid web address.

Microsoft vs MikeRoweSoft

Microsoft Corporation sued a Canadian teenager by the name of Mike Rowe. The teenager had a part-time web design business and wanted to create a website to advertise it. The teenager stated that since his name was Mike Rowe, he thought it would be funny to add the word “soft” to the end of it. Unfortunately, Microsoft did not see the humor in his actions. Microsoft offered him $10 for the domain, which is the average fee to register a web domain. Mike Rowe decided that $10,000 would be a fair price. Because he intended to profit from selling the domain to Microsoft, he was determined to be cybersquatting, which is similar to typosquatting. Rowe was promptly handed a cease and desist order by the World Intellectual Property Organization (WIPO).

Malicious Sites

Recently, it was announced that the .om versions of 300 popular websites, such as Netflix and Citibank, were registered in Oman. The purpose of these websites was to install malware, software with malicious intent, onto your computer or device. The malicious typosquatted websites would redirect several times before reaching a page displaying an Adobe Flash update announcement. If the user accepted the update, the malware was installed. The malware installed was a simple adware program, which is advertising-supported software that displays advertisements in order to generate revenue for its author.

The next time you type in a URL, make sure you end up on the correct website. Take your time to proofread the web address before entering your sensitive information. Otherwise, you could become the victim of a scam.
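The proofreading described above can also be done by a program, for example in a mail filter or web proxy. The following is an added example, not part of the original post: it compares a domain against an allowlist and flags the two patterns the article describes, a name that is one typo away (twtter, appl) and a .co/.cm/.om ending in place of .com. The allowlist, function names and sample inputs are constructed for illustration, and the input is assumed to be a bare domain without subdomains.

```python
# Added example: flag look-alike domains against an allowlist (constructed data).
LEGIT = {"twitter.com", "apple.com", "netflix.com", "citibank.com"}
COM_TYPOS = {"co", "cm", "om"}  # ".com" look-alike endings named in the article


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "twtiter" for "twitter"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def check_domain(domain: str, legit=LEGIT):
    """Return (verdict, matched_legitimate_domain, reason) for a bare domain."""
    domain = domain.strip().lower().rstrip(".")
    if domain in legit:
        return ("legitimate", domain, "exact match")
    name, _, tld = domain.rpartition(".")
    for good in sorted(legit):
        good_name, _, good_tld = good.rpartition(".")
        # Right-hand side typo: correct name, wrong ending
        if name == good_name and good_tld == "com" and tld in COM_TYPOS:
            return ("suspicious", good, f"ending .{tld} instead of .com")
        # Left-hand side typo: same ending, name differs by one keystroke
        if tld == good_tld and edit_distance(name, good_name) == 1:
            return ("suspicious", good, "name is one typo away")
    return ("unknown", None, "no close match in allowlist")


if __name__ == "__main__":
    # Constructed sample inputs
    for d in ["twitter.com", "twtter.com", "appl.com", "netflix.om", "example.org"]:
        print(d, "->", check_domain(d))
```

A verdict of "unknown" only means the domain is not close to anything on the allowlist; it says nothing about whether the site is safe.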