Graham Cluley, Senior Technology Consultant, Sophos
IT security and data protection company Sophos is cautioning computer users to be careful how they type, following the results of a Sophos study into the scale of 'typosquatting'.
Typosquatters register mis-spellings of popular websites in the hope that they will be able to make money out of traffic from unintentional typing mistakes made by internet surfers.
Sophos looked at typosquatting targeting its own website and those of Facebook, Google, Twitter, Microsoft and Apple. The study looked for registered websites for every single one-letter typo of the company name: one letter omitted (e.g. Sopos), one letter mistyped (e.g. Sphos), or one letter added (e.g. Ssophos).
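The same three typo classes can be used defensively to flag look-alike hostnames in proxy or DNS logs. The sketch below is an added example, not code from the Sophos study; the a-z alphabet, the function names, the "second label from the right" rule and the `.example` sample hosts are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_lowercase  # assumption: typos are limited to the letters a-z
BRANDS = ["sophos", "facebook", "google", "twitter", "microsoft", "apple"]

def one_letter_typos(name):
    """Map every one-letter typo of `name` to its class: omitted, mistyped or added."""
    name = name.lower()
    variants = {}
    for i in range(len(name)):                      # one letter omitted
        variants.setdefault(name[:i] + name[i + 1:], "omitted")
    for i in range(len(name)):                      # one letter mistyped
        for c in ALPHABET:
            if c != name[i]:
                variants.setdefault(name[:i] + c + name[i + 1:], "mistyped")
    for i in range(len(name) + 1):                  # one letter added
        for c in ALPHABET:
            variants.setdefault(name[:i] + c + name[i:], "added")
    return variants

def flag_typo_hosts(hosts, brands):
    """Return (host, brand, typo class) for hosts one letter away from a brand."""
    lookup = {}
    for brand in brands:
        for variant, kind in one_letter_typos(brand).items():
            lookup.setdefault(variant, (brand, kind))
    hits = []
    for host in hosts:
        labels = host.lower().rstrip(".").split(".")
        # Assumption: the registered name is the second label from the right.
        if len(labels) < 2:
            continue
        label = labels[-2]
        if label in lookup and label not in brands:
            hits.append((host,) + lookup[label])
    return hits

# Constructed sample hostnames (reserved .example TLD), as if taken from a proxy log.
SAMPLE_HOSTS = ["www.sopos.example", "ssophos.example", "sophoz.example",
                "sophos.example", "intranet.example"]

if __name__ == "__main__":
    for host, brand, kind in flag_typo_hosts(SAMPLE_HOSTS, BRANDS):
        print(f"{host}: one letter {kind} from '{brand}'")
```

Hits from a check like this are candidates for blocking or review; real domain names need a public-suffix-aware parser rather than the simple label rule assumed here.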
The study revealed that there is a significant typosquatting ecosystem around high-profile, often-typed domain names. A huge 86% of the possible one letter mis-spellings of the Apple homepage led to typosquatting sites.
The highest proportion of the squatting sites - 15% - led to advertising sites. Cybercriminals will register mis-spelled sites to make advertising revenue every time someone mis-types the name of a popular site. 12% were found to be IT & hosting pages - suggesting that they have been registered with the intention of being held onto and sold at a profit, which is also known as 'domain parking'. Of the 14,495 mis-spelled URLs looked at in the study, 738 (5.1%) were categorised by Sophos as cybercrime or adult. The former should always be blocked; the latter should be blocked at least in the workplace or around children.
"It's so easy to mistype a URL, and it's inevitable that from time to time you will end up on an unintended website. In the worst cases, careless typing can lead you to a criminal website designed to steal your identity or phish your credentials," said Graham Cluley, senior technology consultant at Sophos. "A good idea is to bookmark your favourite websites rather than rely upon your fingers working correctly."