If you have lazy fingers or tend to type a little too quickly, you will no doubt have come across typosquatting and URL hijacking before. These are two techniques used to obtain website visitors by piggybacking on the popularity of big online brands. Typosquatters are people who register domain names that are very similar to a major brand's domain, but contain typos. There is Goole.com and Gooogle.com for instance, or Fcaebook.com, and numerous other variants.
The variants are now much more numerous than they used to be. Many new domains have been registered in recent years by typosquatters. The big brands are unhappy, to say the least. They see this as an infringement of copyright and many have filed lawsuits against the owners of the sites to get them taken down. Both Google and Facebook have taken legal action already.
Are typosquatting and URL hijacking harmless?
If someone registers a variant of Facebook they are likely to attract many visitors a day, but are they actually doing any harm? People will realize they have mis-typed and just visit the correct site. No harm done. However, that is not always the case with typosquatting and URL hijacking.
The websites usually contain adverts and the owners of the sites make money from displaying them, and even more if the adverts are clicked. Is that taking money away from the big brands? Apparently it is, and we are not talking cents here. According to a study conducted in 2010 by the Washington DC-based Internet consulting company Fair Winds Partners, this form of URL hijacking costs the owners of the legitimate sites around $285 million per year in lost advertising revenues, lost sales, and other expenses.
Recently, some of the fake websites have been used by cybercriminals for phishing campaigns, and many contain malware. The ad networks used on the sites can contain links to malware-infected websites, and a number of criminals have used the sites and the huge traffic volume they receive to launch fake competitions. The information gathered from entrants is used for spear phishing campaigns. The winners of the competitions (everyone who enters) are sent a link to claim their prize or an attachment to open. The aim is to get them to install malware or reveal their bank account details.
Ad networks make the practice of typosquatting and URL hijacking very profitable
Typosquatters are able to make money from URL hijacking by using ad networks, and there are plenty to choose from. Some are choosy about the sites that they accept into their network; others are less so. Some of those ad networks do not vet advertisers very carefully, allowing cybercriminals to place ads that are syndicated across thousands of websites. When the adverts are clicked, they direct the visitor to a malware-infected website or a phishing site.
A simple typo made when attempting to visit a website can start a chain of events that leads to a computer, or the network it connects to, being infected with malware. This can result in criminals gaining access to sensitive data.
With Christmas fast approaching, the sites are now being used to show Christmas special offers. After that they will show cut-price deals during the January sales. Careless typists are likely to see a lot of adverts, and may even click on a few. That could prove to be a very expensive mistake.
Typos will always be made from time to time, and that means there will always be a risk that employees will accidentally visit these malicious websites.
Web filters can be used to block access to the typosquatters' websites, and web filtering solutions such as WebTitan can stop malicious adverts from being displayed. It may not be possible to make workers type more carefully 100% of the time, but a web filter will ensure that a company is properly protected should a typo be made.