Jeff Gelles: A small mistake in typing a web address can result in big problems

Websense is a content security company. It's always on the watch for typosquatting, its manager of security research says.
Posted: December 23, 2011

As the famous New Yorker cartoon once said, "On the Internet, nobody knows you're a dog." But con artists do know when you're typing like one online - because you show up with your tail wagging on their virtual doorsteps.

One of the net's peculiarities is that a small mistake in a web address - the type of error that the Postal Service and mail carriers routinely overlook or adjust for - can lead to big trouble. Instead of winding up down the block, as your letter might if you make a one-digit error in a street address, your browser can deliver you to the wolves.

You might have noticed what happens if you make such a mistake. Perhaps you've seen a pop-up ad bearing the logo of a page you actually wanted but pitching a prize for entering a contest or filling out a survey. Or maybe you've just seen a page full of clickable links to sites selling related goods or services.

But sometimes the misdirection is more subtle - and risky. For instance, some recent, accidental visitors to "www.wallmat.com" downloaded malware onto their computers, according to an advisory from Google.

That's just one of the dangers, according to a recent report from Websense, a California "content security" company that provides blocking services for businesses that want to keep employees from visiting problematic sites, such as those pitching online pornography and gambling.

Chris Astacio, Websense's manager of security research, says "typosquatting" puts careless Internet users at risk of scams such as phishing, in which look-alike web pages are designed to steal account numbers, passwords, and other sensitive data. The worst sites expose visitors to malware, perhaps drawing them into botnets used by criminal enterprises.

The biggest names on the web are common targets. Earlier this year, Facebook sued a group of typosquatters it said were harming the company's business and reputation.

Astacio said Websense is continually on the watch for typosquatting. This fall, it documented more than 2,000 such addresses, including a large number that seemed to center on a set of legitimate British retailers such as Homebase and Mothercare.

"This year, we noticed that it happened more en masse," says Astacio, who described the related sites as a "typosquatting hive": a collection of domains apparently controlled by a single group. "This one looked like it was aimed at CyberMonday," the Monday after Thanksgiving that is a peak day for many online retailers.

The typosquatting con game has its roots in the early days of the web, when some entrepreneurs realized they could capitalize on users' mistakes. A simple approach was to register domains based on common keyboard errors, and then siphon away purchases meant for better-known companies.

Until the Internet's domain-name administrators cracked down on the practice, some early cybersquatters were respected companies seeking to profit from competitors' sluggishness. In 1994, for instance, Princeton Review registered "Kaplan.com" to divert business from its test-prep competitor, according to Benjamin Edelman, a Harvard business professor and Internet researcher.

Astacio says the practice has acquired a darker reputation in recent years, as typosquatters linked to organized crime have sought to cash in on the likelihood that careless typists will hit adjacent keys on computer keyboards. But legitimate businesses also continue to be involved not just as victims but as beneficiaries.

In a paper he coauthored last year, Edelman said that Google's website was the one most commonly targeted by typosquatters but that the company also stood to benefit, because 4 out of 5 of the typosquatters' sites sold pay-per-click ads, a business Google dominates. (The paper said Edelman was cocounsel in litigation "seeking to hold Google liable for using typosquatting domains to display advertising.")

Edelman and his coauthor, Tyler Moore, estimated that nearly a million typosquatters' web addresses target the top 3,264 dot-com domains with URLs of at least five characters - long enough, they said, to make typos more likely.

What's a web user to do? Astacio says the only answer is to be more careful when you type URLs. And if the page you land on doesn't look right, go back to the address bar and try again.


Contact columnist Jeff Gelles at 215-854-2776 or jgelles@phillynews.com.
