Typosquatters Aim For Apple, Google And Facebook

You've probably been caught out by typosquatting before: you type an address into your browser, get a letter wrong, and end up on a site that's filled with ads, weird downloads or other unexpected content. But just how common is the practice of registering slightly incorrect domain names in the hope they'll attract traffic? An analysis by web security software firm Sophos suggests that when it comes to popular web services, nearly every possible option has been grabbed.

Sophos researcher Paul Ducklin generated a list of all the one-character typo variants that could be created for six .com domains: Apple, Google, Facebook, Microsoft, Twitter and Sophos. For each, he worked out all the possible variants involving adding one character, mistyping one character, or missing one character. That produced 2249 unique domain names, which Ducklin then tested to see if they were active.
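The variant generation described above can also drive a defensive check. This added example (not Ducklin's or Sophos's code) builds the add, mistype and miss-one-character set for the six names and flags matching hostnames in a constructed lookup log. The alphabet (a-z, 0-9, hyphen), the function names and the sample log are assumptions, so the totals will not necessarily match the 2249 names in the study.

```python
import string

# Assumption: the characters allowed in a hostname label (letters, digits, hyphen).
ALPHABET = string.ascii_lowercase + string.digits + "-"

def one_char_variants(label):
    """Return every label one edit away: one char added, mistyped or missing."""
    out = set()
    for i in range(len(label) + 1):
        for c in ALPHABET:
            out.add(label[:i] + c + label[i:])          # added character
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])              # missing character
        for c in ALPHABET:
            out.add(label[:i] + c + label[i + 1:])      # mistyped character
    out.discard(label)
    # Drop labels DNS would not accept: empty, or starting/ending with a hyphen.
    return {v for v in out if v and not v.startswith("-") and not v.endswith("-")}

def build_watchlist(brands, tld="com"):
    """Map each typo domain to the brand it imitates."""
    watch = {}
    for brand in brands:
        for v in one_char_variants(brand):
            if v not in brands:  # a variant that is itself a monitored brand is not a typo
                watch[f"{v}.{tld}"] = f"{brand}.{tld}"
    return watch

def flag_lookups(domains, watch):
    """Return (observed, intended) pairs for lookups that hit the watchlist."""
    hits = []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        # Match on the registrable name: last two labels under a plain TLD like .com.
        name = ".".join(d.split(".")[-2:])
        if name in watch:
            hits.append((d, watch[name]))
    return hits

BRANDS = ["apple", "google", "facebook", "microsoft", "twitter", "sophos"]
# Constructed sample of hostnames as they might appear in a resolver or proxy log.
SAMPLE_LOG = ["www.google.com", "gogle.com", "www.facebok.com", "appple.com",
              "example.com", "twiter.com.", "micros0ft.com"]

if __name__ == "__main__":
    watch = build_watchlist(BRANDS)
    print(len(watch), "watchlist entries")
    for seen, intended in flag_lookups(SAMPLE_LOG, watch):
        print(f"{seen} -> likely typo of {intended}")
```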

The results showed that for popular services, virtually every example has been registered as an active site. For Apple, 86 per cent of typosquatting variants had been taken, and Google (83 per cent) and Facebook (81 per cent) weren't far behind.

How risky are those sites? Just one site Ducklin visited actually contained malware, while around 5 per cent were ranked as connected with cybercrime. Many, however, did attempt to pass themselves off as connected with their parent site, offering links to music software off faux-Apple sites or search services on faux-Google ones. And that is, as he points out, risky:

At the very best, typosquats which lead to parked domains are just aiming to make money out of nothing, by capitalising on your errors. At worst, typosquatters are trying to give you a false sense of safety, with the intention of misleading you further into unintended and possibly risky online actions.

The lesson? Check carefully when typing, and take advantage of autocomplete and searching to minimise your browsing risks. Hit the link for the full report.



    Isn't there a way to take those sites down? I mean. Are they actually legal?

      Trademark infringement at best, which means lengthy legal battles - that's if you can find an actual person behind them.

    My favourite is the reddit.com typo derrit.com

    You mightn't notice the difference at first ;)
