Home > > Sophos warns of typosquatting

Sophos warns of typosquatting

Cyber-criminals are registering misspelt web-addresses of popular sites to earn money

IT security and data protection company Sophos is warning computer users to be more careful about spelling the web addresses of popular websites, as cyber-criminals are taking advantage of common mis-spellings and using those to redirect victims to its own websites.

Known as typosquatting, cyber-criminals register mis-spellings of popular websites in the hope that they will be able to make money out of traffic from unintentional typing mistakes made by internet surfers.

A study by Sophos, revealed that is a large typosquatting ecosystem around high-profile, often-typed domain names, with 86% of the possible one letter mis-spellings of the Apple homepage leading to typosquatting sites.

Fifteen percent of the squatting sites led to advertising websites, 12% were found to be IT & hosting pages - suggesting that they have been registered with the intention of being held onto and sold at a profit, which is also known as 'domain parking'.

Of the 14,495 mis-spelled URLs looked at in the study, 738 or 5.1% were categorised as cybercrime or adult sites. 

"It's so easy to mistype a URL, and it's inevitable that from time to time you will end up on an unintended website.  In the worst cases, careless typing can lead you to a criminal website designed to steal your identity or phish your credentials," said Graham Cluley, senior technology consultant at Sophos.  "A good idea is to bookmark your favourite websites rather than rely upon your fingers working correctly."