Typosquatting – When Domain Name Typing Errors Produce Unfortunate Results

Registering common misspellings of popular website domain names is a big business.  A recent study found that 80% of all possible one-character typographical variants of Facebook, Google, and Apple are registered.  Registering close misspellings of domain names is know as “typosquatting.”

Security company Sophos recently analysed all the possible one-letter variations of six popular websites, a whopping 2249 unique site names.  Of the 2249 possibilities, 67% or 1502 domain names were actually registered.  Many of these sites redirected the researchers to other domain names and web sites, so the total number of questionable sites ballooned to 14,495 total sites.

A small percentage were actually legitimate websites owned by people or businesses who had a name that was close to the target domain.  Another group of domains were registered by the main brands, and the misspellings redirected automatically to the correctly spelled web site.

The remainder fell into several categories:

  • 15% of the typosquatting sites were devoted to advertising, either directly on the home page or by spawning pop-up ads.
  • 12% were engaged in domain name parking, where someone purchases a domain speculating that they can resell it for many times more than face value, or touting web site hosting services.
  • 6% were running search related businesses.  Some were designed to replicate the Google search page, and even used the Google search engine under the hood.  These sites make money by offering links to paid advertisers in the search results.
  • 2% were devotes to adult content, pornography, and dating.
  • Interestingly, only 3% were engaged in cyber-crime activities such as phishing, ransomware, and malware distribution.

Other uses included:

  • Brand bait and switch sites that look like the real thing but take you somewhere else.  The Apple domains saw a concentration of fake iTunes sites, for example.
  • Competitions and survey sites.
  • Humor and satire sites.
  • Typosquatting researcher sites.  Along this line, I have registered a few sites myself to use in phishing simulation and training applications

It is inevitable that occasionally we will fat finger a web address, and with the high percentage of registered misspellings (nearly 80%) instead of getting an innocuous 404 page, you end up on an active web site.  Your best bet is to close the tab or push the back button and try again.  Using a good anti-malware product and keeping it up-to-date will protect you from the few malicious sites you may stumble upon.  Using the latest version of your favorite web browser is important, too.  As we reported in an earlier post, Microsoft Edge has a significant advantage in the protection department currently.  Use good judgement, and if a site seems a bit off, check the web address in your browser address box.  If you are on a fake site, get out of there.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.