We have all done it – misspelled a URL, even by just a single letter, and ended up visiting a page that wasn’t the one we wanted. Typically the misspelled URL is associated with a high-traffic site or brand, for example Apple or eBay. Each domain can yield thousands of variations, so chances are that whatever you mistype will take you to a domain that someone has purchased to take advantage of high-volume traffic and your fat fingers.
So typosquatting, as it is known, is big business.
There have been some recent cases of firms that purchased high-profile brand domains, but used them to dupe users into signing up for premium mobile services. The two sites were based on Wikipedia and Twitter and resulted in the companies being fined £100,000 ($156,000) each by PhonePayPlus, the UK-based regulator for premium phone services. Despite this, purchasing and using a typosquatted domain appears to be legal.
Even with the high number of these domains, research last year by our security partner Sophos (http://nakedsecurity.sophos.com/typosquatting/) suggested that these sites did not present a high security risk, though many of the domains were linked to suspicious sites or adult content sites.
That said, with the Olympics just around the corner, it’s likely that a huge number of these domains have already been registered. And as we all know, in the fast-changing world of cybercrime, the fact that there was no huge security risk when the research was done does not mean that is still the case now.
So what can you do to protect your organisation against typosquatting risks?
Typosquatting clearly highlights some of the limitations of relying on a URL database to categorize the pages your users are requesting. So deploying a Web filter that uses real-time content analysis is a smart move. That means that if the requested page contains content that you want to block, then it will be identified and your policy enforced.
Secondly, making sure that you have enterprise-grade security at your gateway, which can block any malware from these sites before it reaches your endpoints, is a sensible precaution.
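
As a complement to the filtering described above, the following added example (not from the original article or from any vendor product) flags hostnames in proxy or DNS logs that are a single typo away from a watched brand domain, where a typo is one inserted, deleted, substituted or swapped character. The watchlist, the sample hostnames and all function names are assumptions made for illustration, and the last-two-labels rule for finding the registered domain is a simplification.

```python
# Assumed watchlist: the brands named in the article.
WATCHED = ("apple.com", "ebay.com", "wikipedia.org", "twitter.com")

# Constructed sample of hostnames, as they might appear in a proxy log.
SAMPLE_HOSTS = ["www.apple.com", "www.appple.com", "twiter.com", "wikipedia.org",
                "wikipeida.org", "ebay.co", "example.org", "login.ebay.com"]


def typo_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insert, delete, substitution
    or swap of two adjacent characters each costs 1."""
    rows, cols = len(a) + 1, len(b) + 1
    # First row and column are the base cases (distance to the empty string).
    d = [[max(i, j) if min(i, j) == 0 else 0 for j in range(cols)] for i in range(rows)]
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def registered_name(host: str) -> str:
    """Simplification: treat the last two labels as the registered domain.
    A production check should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_lookalikes(hosts, watched=WATCHED, max_distance=1):
    """Return (host, brand, distance) for hosts close to, but not equal to, a brand."""
    hits = []
    for host in hosts:
        name = registered_name(host)
        if name in watched:
            continue  # the genuine domain or one of its subdomains
        for brand in watched:
            dist = typo_distance(name, brand)
            if 0 < dist <= max_distance:
                hits.append((host, brand, dist))
                break
    return hits


if __name__ == "__main__":
    for host, brand, dist in find_lookalikes(SAMPLE_HOSTS):
        print(f"{host}: {dist} edit(s) from {brand}")
```

Hits from a check like this are candidates for review or for closer inspection by the Web filter, not verdicts: a domain one character away from a brand may be entirely legitimate.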