Two typosquatting sites, “Wikapedia.com” and “Twtter.com,” have been forced offline and fined £100,000 ($156,000) each by a UK telephone regulatory agency.
Before the sites were kicked offline, visitors to the sites were greeted with look-alike versions of Wikipedia and Twitter that pulled a bait and switch, offering advertisements for iPad and MacBook competitions.
According to a report from The Next Web, visitors who clicked through were asked to provide their mobile phone number before going through some text-based rigamarole that cost them £1.50 ($2.37) a pop.
It got pricey for some. Here’s how The Next Web described the scam:
Consumers were asked to input their mobile phone number, after which they would receive a PIN number on their mobile phones to use for the competitions. They would then receive texts on their mobile phones asking them quiz and survey questions, which were charged at £1.50 for each one sent, and a further £1.50 if they answered. One complainant said that his fiancée “was tricked into a service on YouTube” and was charged £63 in total.
An announcement about the action was put out on Thursday by PhonepayPlus, the U.K. agency that cracked down on the typosquatters and which regulates premium rate telephone services.
An excerpt from that announcement:
In both cases, the landing pages for the ‘squatted’ sites looked like the genuine sites the consumer was searching for – the ‘squatted’ sites used the same logos, colouring and fonts.
These ‘squatted’ sites informed consumers that they had won or could claim a prize, such as an iPad. In both cases, consumers were given the impression that to enter or claim they simply had to enter their contact details and answer some questions.
Anybody who’s ever gotten their fingers twisted in the URL bar knows that typosquatting—the registration of misspellings of popular domains in an attempt to profit from “fat-finger errors,” aka typing mistakes—is rife.
As Sophos’s Paul Ducklin found when he recently researched the phenomenon, the percentage of names in generated typosquat lists that turned out to be active, registered domains tended to get sky-high for high-profile, wildly popular domains such as Twitter or Wikipedia.
Paul’s research found that Microsoft typosquats came in at 61%, Twitter at 74%, Facebook at 81%, Google at 83% and Apple at 86%.
Beyond adult and dating sites (which made up 2.4% of the typosquatted versions of 2,249 unique site names), Paul found that bait and switch was one of a variety of money-generating gambits on this list of typosquatting schemes:
- Domain parking and domains for sale
- “Related search” pages
- Competitions and surveys
- Passing off
- Oddball humour and satire
- Fellow typosquatting researchers
One bait and switch Paul came across was a fat-finger error that brought up an Apple-like page that offered a “Download iTunes” button. Instead of a download, users who fell for the click bait were shunted to the mp3helpdesk site, which offered “unlimited downloads for just 0.99 a month.”
In reality, all you’d get was access to technical help forums for a selection of free software for file sharing and for playing audio and video files. “Unlimited downloads” translated to legal and illegal peer-to-peer files that are already free for the taking online—something the site informed users about in teensy type.
For their part, “Wikapedia.com” and “Twtter.com” didn’t even offer squinty informative type about the text message charges with which they intended to stick the unsuspecting.
As PhonepayPlus put it:
PhonepayPlus' Tribunal found that the providers had breached the Code of Practice as a result of promotions that had misled consumers and that had not provided clear information about pricing.
Both of the sites’ owners, R&D Media Europe and Unavalley BV, are based in Amsterdam. Beyond the fines, PhonepayPlus ordered the companies to refund consumers.
The agency has also published guidance to premium rate providers about how services should be marketed online and digitally, reminding them that providers are responsible for all digital promotions and will be in breach of its Code of Practice if they use marketing firms that mislead consumers through typosquatting.
PhonepayPlus also put out a guide for consumers to help them avoid getting sucked in by typosquatting schemes, including what to look out for when searching online.
The agency’s five top tips:
- Check the address you are looking for. When typing in the address you are looking for, take a second to double-check you have typed correctly, before clicking on ‘search’. When you arrive at the page, check that the web address at the top of the screen (it should usually begin with www.) is the address you searched for.
- Is the page you see what you expect? If the web page you arrive at does not contain what you were expecting, it may not be the correct one. For example, if you are looking for Facebook, you should see a page to enter your log in details.
- Hover the mouse, before clicking. Hover the mouse over any link or picture before clicking on it to see if the web address you expect appears at the bottom of the window.
- Protect your phone number. Remember, your phone is like a bank card – payments can be charged to your bill so treat your phone number like a bank PIN. Only enter your mobile number online if you wish to subscribe to a particular mobile service or wish to be contacted.
- Read the small print. Always check the small print for conditions and pricing information before entering your mobile number online, making sure to scroll all the way down the page.
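The first tip, checking the address, can also be automated on the defender's side. The sketch below is an added example, not code from PhonepayPlus or Sophos: it flags hostnames that are a single fat-finger edit away from a protected domain and names the kind of slip. The watch list, function names and sample hostnames are assumptions constructed for illustration, and only one-character typos are covered.

```python
PROTECTED = ["wikipedia.com", "twitter.com"]  # assumed watch list, names from the article

def typo_kind(candidate, brand):
    """Name the single-character slip that turns brand into candidate, else None."""
    lc, lb = len(candidate), len(brand)
    if candidate == brand or abs(lc - lb) > 1:
        return None
    i = 0  # length of the common prefix
    while i < min(lc, lb) and candidate[i] == brand[i]:
        i += 1
    if lc == lb:
        if candidate[i + 1:] == brand[i + 1:]:
            return "substitution"
        # Same length but more than one differing position: try swapping neighbours
        swapped = brand[:i] + brand[i + 1:i + 2] + brand[i] + brand[i + 2:]
        return "transposition" if candidate == swapped else None
    if lc + 1 == lb:
        return "omission" if candidate[i:] == brand[i + 1:] else None
    return "insertion" if candidate[i + 1:] == brand[i:] else None

def normalise(host):
    """Lower-case, drop a trailing dot and a leading 'www.' before comparing."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def flag_lookalikes(hosts, protected=PROTECTED):
    """Return (raw hostname, protected domain, typo kind) for every near miss."""
    hits = []
    for raw in hosts:
        host = normalise(raw)
        for brand in protected:
            kind = typo_kind(host, brand)
            if kind:
                hits.append((raw, brand, kind))
    return hits

# Constructed sample: hostnames as they might appear in a proxy or DNS log
SAMPLE = ["www.wikipedia.com", "Wikapedia.com", "twtter.com",
          "twitter.com.", "example.org"]

if __name__ == "__main__":
    for raw, brand, kind in flag_lookalikes(SAMPLE):
        print(f"{raw}: one-character {kind} away from {brand}")
```

The two sites named in the ruling show up as a substitution and an omission respectively, while the genuine hostnames and the unrelated one pass through unflagged.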