Paul Ducklin takes an in-depth look at the scale and the risk of the typosquatting industry: registering mis-spellings of popular domains in an attempt to profit from typing mistakes.

Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos, Ducklin collected HTTP data and browser screenshots from 1502 web sites and 14,495 URLs. In this report, he analyses the data to paint a fascinating picture of the typosquatting ecosystem, finding surprisingly little malware, but nevertheless plenty of risk.

A Naked Security reader recently asked us to investigate the scale and the risk of typosquatting, after she accidentally put herself in harm’s way by mistyping a popular URL. She meant to visit, but typed the linguistically-similar by mistake. She was immediately and automatically deviated to a site which was blocked by Sophos Endpoint Security because it contained malware.

Indeed, redirects at the whim of its operator, taking you to different sites each time you visit. As you can see below, took us to a product comparison site, an online coupon site and then to a generic search site commonly seen on typosquat domains.

Typosquatters register mis-spellings of popular domains in the hope that they will be able to make money out of traffic from unintentional typing mistakes, or fat-finger errors, made by internet surfers. So, how bad is typosquatting? What sort of risk do fat-fingers pose?

We chose six domains: Facebook, Google, Twitter, Microsoft, Apple and, while we were about it, Sophos. To keep things simple but representative, we limited ourselves to typos of one alphabetic character in the company name: one letter omitted, one letter mistyped, or one letter added. Typos involving numbers or punctuation marks were ignored.

We generated all possible one-character mistakes in the form of the above six domains. That produced 2249 unique site names, from through to

Of course, a few of these generated names are meaningful in their own right. The domain for example, sounds like a betting site, and it is. is a site about Goole, a large port on the East coast of England. And is a site owned by an American called Glen Witter.

Not all of the possible one-character-wrong names for any domain will be registered and in use. To get an idea of how many typosquats to expect for a business domain, we started with the mutated versions of Although more than 100 million users worldwide are protected by Sophos, we don’t have consumer products, an online music store, webmail, a search engine or a social network. So we don’t have millions of users attempting to type in and visit our URL each day.
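The three typo classes the article describes (one letter omitted, one mistyped, one added) can be turned into a defender's watchlist for proxy or DNS logs. This is an added example, not code from the article or from Sophos; the function names, the allowlist handling, the sample hostnames under the reserved `.example` TLD and the "second-to-last label" rule are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_lowercase
BRANDS = ["facebook", "google", "twitter", "microsoft", "apple", "sophos"]

def one_char_typos(label):
    """Names exactly one alphabetic typo away from label (the article's three classes)."""
    label = label.lower()
    n = len(label)
    omitted = {label[:i] + label[i + 1:] for i in range(n)}
    mistyped = {label[:i] + c + label[i + 1:]
                for i in range(n) for c in ALPHABET if c != label[i]}
    added = {label[:i] + c + label[i:] for i in range(n + 1) for c in ALPHABET}
    return omitted | mistyped | added  # sets collapse duplicates such as the two "o" omissions in google

def build_watchlist(brands, reviewed_legitimate=()):
    """Map each typo name to the brand it resembles, minus names reviewed as legitimate."""
    watch = {}
    for brand in brands:
        for name in one_char_typos(brand):
            if name not in reviewed_legitimate:
                watch[name] = brand
    return watch

def flag_lookalikes(hosts, watchlist):
    """Return (host, brand) for hosts whose second-to-last label is on the watchlist.
    Assumption: a single-label TLD; use a public-suffix list for real traffic."""
    hits = []
    for host in hosts:
        parts = host.lower().rstrip(".").split(".")
        if len(parts) >= 2 and parts[-2] in watchlist:
            hits.append((host, watchlist[parts[-2]]))
    return hits

# Constructed sample hostnames, as they might appear in a proxy log.
OBSERVED = ["www.sophos.example", "mail.gooogle.example",
            "twiter.example", "intranet.corp.example"]

if __name__ == "__main__":
    # "goole" and "witter" are typo-set members the article names as sites in their own right.
    wl = build_watchlist(BRANDS, reviewed_legitimate={"goole", "witter"})
    print(len(build_watchlist(BRANDS)), "variants,", len(wl), "after allowlist")
    for host, brand in flag_lookalikes(OBSERVED, wl):
        print(f"{host} resembles {brand}")
```

For the six names this yields 2243 distinct variants; the article's figure of 2249 is what you get when the six correctly spelled names are counted as well.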