Typographical Errors Can Have Surprising Results

typosquattingThis is not a gripe about Spell-Check, although I am driven mad when my phone tries to “correct” the spelling of something I spelled correctly.  Sometimes I get really funny and/or embarrassing results.

Speaking of embarrassing, have you ever mis-typed a domain name and ended up at a porn site?  And caught a virus?  (The computer equivalent of an STD?) This is the result of something called “typo-squatting.”  Individuals will intentionally purchase domain names of common mis-spellings of popular web sites.  For example goggle.com or gooogle.com instead of google.com.  By the way, when I tried the first one, our OpenDNS web filter blocked it for malware distribution.  Be advised!

Typo-squatting URLS fall in a number of versions:

  • Misspelling (i.e. paypall.com)  I have been getting emails lately from “paypall.com” and I bet they have a very realistic spoofed website too.
  • Fat-fingering or typographical errors like letter reversal (i.e. paypla.com instead of paypal)
  • Singular or plurals of popular domains (i.e. paypals.com)
  • Alternate TLD or top level domain (i.e. paypal.org or paypal.net)
  • Country code TLDs – for instance the country of Oman has a TLD of .om.  I could conceivable register the domain paypalc.om and have something that looks perfect except for the position of the period.

You may be wondering why anyone would be doing this, and the general reason is to make money.  Specifically:

  • These types of “near miss” URLs are also frequently used in phishing scams.
  • To sell the domain to the real domain holder.  For instance gooogle.com does in fact resolve to the actual Google web site.
  • To sell you a competing service, or to sell you something else entirely, like knock-off branded merchandise or “Canadian” pharmaceuticals.
  • To redirect users to the original brand by way of an affiliate referral link, to generate pay-per-click ad revenue.
  • To install malware via “drive-by downloading.”
  • For some reason, to show you pornography.  Pornography continues to be a big business on the web, having successfully knocked off the glossy “men’s” magazines like Playboy and Penthouse.  With typo-squatting, sometimes you get there without really trying.
  • To run an “anti” site, or a complaint site for the original brand.
  • To harvest misaddressed emails sent to the intended web company.

Web sites are the second most common way that malware and other exploits are spread.  (Email is number one.)  Sometimes when you land on the wrong web-site by accident, bad things will happen.  If this happens to you, you might want to take a minute to run your malware scanner and remove whatever happened.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.