The good, bad and ugly

By Robert E. Holtfreter, Ph.D., CFE, CICA

robert-holtfreter-80x80.jpg   Taking Back the ID: Identity theft prevention analysis  


Lands’ End, a well-known clothing company, designed an online affiliate program in which it paid other website owners for sending shoppers to its website. The program allowed affiliates to post links on their sites that directed users to the Lands’ End site. Lands’ End granted a commission to an affiliate when an Internet user reached the Lands’ End website via a link on the affiliate’s site and made a purchase.  


All went well until some members of the affiliate program, who claimed to operate several retail websites that would direct traffic to Lands’ End, didn’t disclose that they had registered dozens of misspellings of the Lands’ End trademark. (Note that the company once spelled its name Land’s End.) So, when users would type one of these misspelled variations of Lands’ End, they would appear to be taken directly to the real site but would actually be funneled through one of three affiliate sites so that these shady merchants could increase their commissions. A classic case of typosquatting. (See "10 Most Audacious Typosquatting Cases Ever" and "Lands' End Gets Trial in Unusual 'Typosquatting' Case.") 


Typosquatting is defined on the WiseGEEK website as “the purchase of a misspelled version of a popular domain name for the purpose of attracting visitors who make typographical errors when entering web addresses.” Online merchants take advantage of “fat finger” typing mistakes. Typosquatting can be good, bad or ugly (or bad and ugly) depending upon the purchaser’s motives. 

Domain names allow us to share information, transact business and accelerate education. According to the Webopedia website, “Domain names are used to identify one or more IP addresses. For example, the domain name microsoft.com represents about a dozen IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.pcwebopedia.com/index.html, the domain name is pcwebopedia.com. Every domain name has a suffix (attached to the end of it) that indicates which top level domain (TLD) it belongs to. There are only a limited number of such domains.” 

At the risk of being too elementary, according to the Webopedia reference, these are the more commonly used suffixes: 

  • gov: government agencies. 
  • edu: educational institutions. 
  • org: organizations (nonprofit). 
  • mil: military. 
  • com: commercial business 
  • net: network organizations.  

The letters IP in “IP address” are short for Internet protocol. When included with a transmission control protocol (TCP), or higher-level protocol, it sets up a virtual connection between a source and its destination. The IP is part of an addressing system that by itself initiates the communication between the sender and recipient (like putting an address and a stamp on an envelope and depositing it in a mailbox), but the TCP/IP completes the connection between the two parties and allows them to exchange messages in the electronic world (like the post office delivering that letter). 

Well, what does all of this have to do with fraudulent behavior and identity theft? The answer is “A lot.” Organizations commonly will purchase additional domain names similar to the correct ones, so that if users are off by a few letters they’ll still get to the real thing — that’s good for the customers and the organizations. 

However, shady entrepreneurs will make money when misdirected victims click on advertising links set up on typosquatting sites that mirror popular organizations or businesses or divert visitors away from the competition and to their business web pages — that’s bad

A cyber criminal’s fraudulent site might include a phishing scheme that bilks personally identifiable information such as credit card or bank account numbers. That’s ugly.

And then there are the fraudsters who prey on victims who make innocent typing errors and end up on contaminated websites. The site looks familiar, you click on something, and malware downloads on your computer. You’re a victim of identity theft — that’s bad and ugly! Fraudsters have copied the home pages of legitimate organizations’ websites and included them on their contaminated websites. 


How common is typosquatting? Internet Scambusters, in a 2008 study, “Beware of Typosquatting and new Identity Theft Warnings,” identified 80,000 typosquatting sites covering 2,000 frequently used websites. One popular website for kids yielded more than 300 criminal sites, and a major credit-reporting site contained nearly 750. 

Paul Ducklin, a computer security expert with the company, Sophos, recently investigated the scale and risk of the typosquatting industry and reported his findings in “Typosquatting — what happens when you mistype a website name?” on the Sophos Naked Security website. 

Ducklin applied “every possible one-character typo” of six popular domain names: Facebook, Google, Twitter, Microsoft, Apple and Sophos. He collected http data and browser screenshots from 1,502 websites and 14,495 URLs. He found the most typosquatting activities on these sites:  

  • Advertising and popups: 15 percent.
  • IT and hosting: 12 percent.
  • Search: 6 percent.
  • Cyber crime: 3 percent
  • Adult and dating sites: 2 percent.

It makes sense that advertising and popup sites lead the list because, again, entrepreneurs (both good and bad) like to piggyback on the domain names of popular companies and create typosquatting sites to traffic their products or earn revenue click after click by advertising products for others. Of course, those who run the high-risk sites in the list — cyber crime and adult and dating — intend to present them as harmless. According to Ducklin, the cyber-crime sites “are associated with hacking, phishing, online fraud or spamming” activities. 


Ducklin identified the U.S. as hosting the most typosquatting URLs at 63.8 percent. Germany follows at 4.6 percent; China, 4.1 percent; the U.K., 3.1 percent; Japan, 2.7 percent; and South Korea, 2.5 percent.  

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.