Typosquatting: What It Is, How It Works, and Why Mistyping a URL Is Dangerous

Think of the many times you wanted to visit a particular website but, for some reason, left out a letter or typed one or two too many. Sometimes you see an error message saying the page does not exist, and you notice the mistake. Other times, the mistyped address takes you to a page that looks very similar to one you visit frequently. That is when you might not realize you made a mistake and have landed on a disguised website.

In itself, the damage caused by typosquatting may not be very worrying. However, we have to pay close attention when we are redirected to websites that look quite similar to the originals, because they may be offering a product or service that is not what we expect. Later, we will show you a curious example that we have found. It was discovered and analyzed by Sophos, for its Naked Security division.

In other words, someone can take advantage of a simple oversight. Nobody wants to make a mistake when typing, but we are often in a hurry or distracted. The people responsible for these traps keep track of the most common mistakes, register the corresponding domains, and create fake web pages. The purpose is to generate profits as quickly and easily as possible.

Classifying the types of Typosquatting

Typosquatting comes in different categories, several of which may be quite familiar, since almost everyone has at some point made a typing error and ended up on a website that was not the one they wanted. Some of these sites display domains for sale, others offer surveys to complete or prizes to compete for, and others carry ironic or satirical humor. Among the rest, two are worth highlighting: Bait-and-Switch and Domain Parking.

Bait-and-Switch

The term describes what happens when you mistype a website's address and are redirected to a page that can sometimes provide misleading content and services. Take an example analyzed by Sophos: you mistype the address of the official Apple site and are redirected to an online store that looks very similar to the real Apple one. It appears to offer unlimited downloads from iTunes, for both Mac and Windows. Very interesting, right?

There may be a button that says «Download iTunes». You click on it, but it doesn't really take you to any download related to that product. It redirects you to a portal called mp3helpdesk that claims to offer unlimited downloads for less than 1 USD per month. It turns out that you are paying for access to technical help forums about free software used to share and play multimedia files. The software itself, which can be used to share files legally or illegally, can be downloaded freely and at no charge.

Another risk, although less frequent in typosquatting, is phishing. On websites that look very similar to the ones we frequent, we might be asked to enter sensitive data such as credit card numbers or bank account details. Without realizing it, you can become the victim of an attack that affects millions of people every year, just for not paying attention to the pages you visit.

Domain Parking

Many websites exist to list and offer domains for sale. Several of them also include a section of related Google searches, thanks to DoubleClick, a Google subsidiary. The appearance of these sites can be quite familiar: they have the characteristic design of a website developed many years ago.

The best advice to avoid falling for deceptive products or services on the web is to look at key aspects of the page: the logo, the menu, the content it offers and, most importantly, the URL. The URL is usually ignored because we often see only a string of numbers and letters that, apparently, makes no sense.