Typosquatting - study reveals the real risks when you mistype a website's name [VIDEO]

Filed Under: Featured, Video

TypingAdmit it. You've made mistakes when typing in the name of a website.

Your fingers fumble over each other, and before you know it you're not on google.com but goole.com instead.

It's an easy mistake to make and - inevitably - there are people waiting to take advantage of it.

Security expert Paul Ducklin has taken an indepth look at the scale and the risk of the typosquatting industry: registering misspellings of popular website domain names in an attempt to profit from typing mistakes.

Watch the following video to learn more:

(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)

Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos, Ducklin collected data from 1502 websites and 14,495 URLs.

In a fascinating report, he analyses the data to paint a fascinating picture of the typosquatting ecosystem.

His research's findings may mean that you're more careful than ever before when you type in that next web address.

SophosLabs categorisation of typosquat web urls

Read the full report now:

"Typosquatting - what happens when you mistype a website name?"

, , , , ,

You might like

8 Responses to Typosquatting - study reveals the real risks when you mistype a website's name [VIDEO]

  1. Glenn McNally · 1393 days ago

    Your article reminds me of a very embarassing moment during a automotive training presentation I was making... instead of typing " vacutec.com " , I inadvertently added an " H " at the end ( vacutech.com ). No damage to my pc, but it took a few minutes for the class to settle down when the page opened on my projection screen. .Since then I rarely type an address now during a course... I keep a list of likely needed links handy.

    Thanks for the great article

  2. Michael :) · 1393 days ago

    Yes indeed

    I recently (being 15 minutes ago) removed some incredibly annoying adware.

    It played ads. >.< stdrt.exe was the culprit, kept in temp files generated by another file.

    Used combofix and unhackme as a result.

  3. Scott · 1389 days ago

    My Astaro Security Gateway did a nice job of blocking a “parked domain” such as the ones described. :)

  4. CoM · 1365 days ago

    No doubt typosquatting is even more pernicious on mobile devices - since we are more likely to make a typing mistake and less likely to see it, given the smaller font size and URL box that we are dealing with.

  5. Jason · 1309 days ago

    I almost become a victim of fraud when I thought I was at "Paypal" but it was spelled "Peypal" and received payment confirmations from a customer from Russia using the misspelled URL

  6. How using Google or a search engine....

    That would reduce typing in the wrong URL>

  7. Sandy R · 1305 days ago

    I'll never forget when I misspelled nasdaq...omg I was bombarded with porn site e-mails for months...and I didn't do anything ...clicked right off when I saw What had happened!

    That was a real pain!

  8. This problem will only increase as people's fingers are not getting smaller and mobile devices are increasing in use.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley