One Internet security firm is warning that a botched keystroke while typing an online address can give computer criminals a chance to hijack your system.
San Diego-based Websense Inc. has identified as many as 2,000 so-called typosquatters, which use sites that look identical to legitimate ones to capture personal information, launch malicious computer attacks and initiate online scams.
The Internet domains of some of the nation’s most popular retailers, including Best Buy, Walmart and Apple, have been targeted so an errant character could take consumers to fake domains without their knowledge.
For instance, a shopper might accidentally land on the domain, wallmatt.com, as opposed to the big-box retailer’s actual walmart.com. The site might look like the retailer’s home page, but the extra “l” and “t” ensure that you have entered a typosquatter’s domain.
Another method used to trick consumers: Spell the retailer’s name correctly but misdirect consumers by changing “.org” or “.net” on Web addresses.
Chris Astacio, Websense manager of security research, said the popularity of online shopping has spurred unprecedented levels of typosquatting. Analysts started seeing fake domain registrations spike in October, in advance of the holiday-shopping season.
Beware of typosquatters
Internet-security experts are warning about the rise of Internet predators who disguise domains to mimic popular retail sites based on typos in Web addresses. The sites appear to be legitimate but hide scams that can steal information or insert viruses into your computer. Some examples:
Fake domain name: Wallmatt.com. Real domain name: Walmart.com.
Fake: Appple.com. Real: Apple.com.
Fake: BestBuyh.com. Real: Bestbuy.com.
Fake: Fashiomworld.co.uk. Real: Fashionworld.co.uk.
Fake: Sportsdierct.com. Real: Sportsdirect.com.
Fake: Wurbanotfitters.co.uk. Real: Urbanoutfitters.co.uk.
Fake: Datigdirect.com. Real: Datingdirect.com.
Source: Websense
“Every year it gets to be more prevalent,” Astacio said, adding that criminals want to capture Black Friday and Cyber Monday shoppers. “Criminals are registering the misspelling of domain names.”
According to experts, simply landing on a typosquatter site can enable criminals to infiltrate your computer.
A Websense analysis found that most typosquatting domains lead to a bot network, used to steal passwords and obtain personal information such as financial or banking records. Bot networks aren’t obvious and can involve millions of computers.
Another common typosquatting attack involves phishing schemes. Consumers landing on a phony domain instantly are offered online deals, coupons or even free merchandise. Pop-up ads offer fake products and tell consumers to fill out specific forms to claim prizes. In one case, the bogus domains tell consumers they have won an Apple iPad.
Astacio said in addition to asking for personal information, which can lead to identity theft, some pop-ups instruct consumers to dial a phone number to claim their prize. The caller will be placed on hold and will be billed for each moment the line is kept open, similar to calling a 900 number.
“As long as you’ve been on hold, you have probably racked up a charge high enough to buy an iPad,” Astacio said.
Typosquatting sites also can infect computers with viruses. These malicious sites disable systems, leading to debilitating computer crashes. The sites can affect whole networks of computers, either to steal information or to wreak mayhem.
The registration of misspelled domain names is illegal. But in a report released this month, Websense said that it traced thousands of typosquatters to U.S. Web hosts. Although the bulk of targeted retailers are located in Great Britain, the hosts are based primarily in the United States.
“Hundreds of hosts … are part of a typosquat hive (the hive itself contains thousands of hosts), and all of them are hosted in the U.S.,” the report states. “We call it a hive because all of the listed hosts have a connection, and were most likely set up by the same cybercriminals.”
The world’s largest domain-name registrar is Scottsdale, Ariz.-based GoDaddy.com. Laurie Anderson, Go Daddy domain-services disputes manager, said the company takes its role on the Internet seriously.
“When it comes to domain-name squatting, including trademark infringement, Go Daddy has a dedicated department committed to addressing these matters,” Anderson said in an e-mail.
She said that Go Daddy follows protocols set by the nonprofit Internet Corp. for Assigned Names and Numbers, which describes itself as “dedicated to keeping the Internet secure, stable and interoperable.”
“If we receive an order from a court or an ICANN-approved arbitration provider, we promptly comply with that order,” Anderson said.
Websense, in its report, said that some companies actually buy up domain names with misspellings to protect their customers.
“Kudos go to Amazon, which registered a good number of potential typosquat hosts, including aqmazon.com, amaxzon.com, amzon.com and many more,” Websense said in its report. “These are all good hosts registered by Amazon itself, leaving no chance for abuse as long as they remain registered to Amazon.”
Article source: http://www.usatoday.com/tech/news/story/2011-12-26/typosquatting/52229886/1. Creative Commons (CC)
