Typosquatting

From Wikipedia, the free encyclopedia

Typosquatting, also called URL hijacking, is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to an alternative address owned by a cybersquatter.

Generally, the victim site of typosquatting will be a frequently visited website. The typosquatter’s URL will usually be one of four kinds, all similar to the victim site address:

(In the following, the intended website is “example.com”)

* A common misspelling of the intended site: exemple.com
* A misspelling based on typing errors: xample.com or exxample.com
* A differently phrased domain name: examples.com
* A different top-level domain: example.co.uk

Once in the typosquatter’s site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content. Sometimes competitors of the victim site will do this.

Alternatively, the user will be forwarded to a site of a completely different nature to what they intended. This tactic was infamously used by John Zuccarini, who redirected domains targeting children to pornographic websites. Sometimes, the typosquatters will use the false addresses to distribute viruses, adware, spyware or other malware. Some are also shock sites. More common are benign but irrelevant and useless domain parking sites, selling advertising to firms based on keywords similar to the misspelled word in the domain.

As with cybersquatting in the past, the term typosquatting has been used by covetous parties in an effort to unseat domain registrants from brandable variants of generic domain names. The shortage of poignant and generic domain names in the coveted .com generic top-level domain has left many hopeful registrants with no alternative but to locate catchy variants of existing generic words e.g. Orbitz.com (popular travel site with “z” to replace the “s”) in an effort to find “new land” on which to build their website. As in the preceding example the line between typosquatting and registering a brandable variant of a generic domain name blurs dependent on the circumstance of each situation.

Examples of typosquatting

* Wikipedia is a victim of typosquatting: www.wiipedia.org, www.eikipedia.org, www.wilipedia.org, en.wikipedi.org, and www.wikipedi.com [as of 2006], are all websites which contain pop-up ads, spyware/adware downloads, and ad-generating search engines.
* A related gambit is obtaining “800″ numbers that correspond to misspellings; a good illustration is AT&T’s sudden abandonment of “1-800-OPERATOR” and replacing it with “1-800-CALL-ATT”. It seems that many Americans don’t know how to spell operator, enough that MCI Communications was raking in a lot of business with “1-800-OPERATER”, reaping the benefits of AT&T’s advertising. (In both numbers, the final “R” is superfluous.)
* The National Austrian Public Service Broadcaster “ORF” was typosquatted by 0rf.at a net art site.
* Google’s anti-typosquatting defense is incomplete; as of April 2006, www.goggle.com redirects to a suspicious anti-spyware vendor rather than to Google. The site attempts to spam users with a popup and foist an executable download upon them without any further user action.