Typosquatting is basically when Internet users type in a website address into a web browser, but a simple (usually common) typo accidently leads the user to a website owned by someone looking to profit by selling their domain... or, even worse, a scammer or virus-ridden website.
The combination of your big sausage fingers and ‘the need for speed’ may be a major problem according to security firm Sophos, who took to their blog to discuss the trend of typosquatting and recommended that companies buy up the most common misspellings of their online addresses and also warned people that missing dots out of emails can also be very costly!
The blog reports that researchers (Peter Kim and Garrett Gee) bought 30 internet domains that they believed that people would send emails to by mistake. The domain names they chose were Fortune 500 companies (which is the yearly list of the top 500 U.S. closely held and public corporations compiled by Fortune magazine) - but with a single dot missed out.
Their results were rather shocking - as having purchased the domains, the duo reports that they then (mistakenly) received over 120,000 emails in six months. Worryingly, in amongst these emails was passwords for an IT firm's external Cisco routers, precise details of the contents of a large oil company's oil tankers, and VPN details and passwords for a system managing road tollways.
Of course, typosquatting is nothing new. For example, Wikipedia uses the examples of Goggle.com, which is obviously a dirty and cheap tactic to lead people searching for search engine Google.com to a nasty website which then promptly infects the clumsy typer’s computer with spyware. However, most people are less ‘on their guard’ when it comes to emails...as they wrongly assume that the mistyped email won’t be seen by anyone. Wrong! You need to check addresses before clicking ‘Send’ or ‘Enter.’
Mark Stockley (who penned the article in question on the Sophos blog) also correctly noted that thieves can actually forward the email to its intended sender so that it is difficult to spot a problem, then when the recipient responds to the email, that's more (potentially dangerous) information that a thief has at his disposal.
So, the moral to this blog post is... wathc out for typos!
Andrew Frowen is Managing Director at Warwickshire-based computer forensics agency IntaForensics
About the author
Andrew Frowen MBCS CITP is the Managing Director of IntaForensics; a Midlands-based Digital Forensics Company who provide services to both the public and private sectors. Andrew is responsible for overseeing all aspects of business from recruitment to marketing. Andrew is a practicing Digital Forensic Analyst, performing examinations on all forms of digital media including computers and mobile phones.
Comments (1)
Leave CommentThere is also the key combination that launches
an e-mail when part-formed - and therefore
unchecked for other errors.
Or unwanted text, if it is being derived by
"cannibalising" existing traffic.
Report Comment
Post a comment