Scam Busters: Typosquatting


Making a typo when you are trying to connect to a web site URL can cost you time and money.

That is because savvy scammers, also known as typosquatters, are capitalizing on your typing mistakes by building up fake sites based on common URL typos. Those who unknowingly reach a typosquatter's site are likely to be bombarded with unwanted ads and, in some cases, dangerous viruses and spyware. The unintentional site visit might even cost you money.

The good news is you can protect yourself by staying a step ahead of these scammers.

What is Typosquatting?
Typosquatting, which some also call "URL hijacking," refers to the practice of registering Internet domain names whose spelling is very similar to existing web sites.

Example? A typosquatter may create to target users who intended to visit the Bank of America site (Stock Quote: BAC).

“Typosquatting is a way to force people to visit sites they had no intention of visiting, exploiting their error and taking them to sites where the entrepreneur can make money,”  says Alan Paller, director of research for the Internet security research group SANS.

According to Internet consulting firm CitizenHawk, there are more than 10,000 fake domain names that exist for the top 50 online retailers, including more than 400 intentional misspellings for Disney brands (Stock Quote: DIS) and more than 600 domains squatting on misspellings of

Typosquatters profit through advertisements that pop up each time a user stumbles onto the unintended URL. The typosquatter gets to charge the advertiser a fee if the user clicks on an ad. They also drive visitors to whatever content they are promoting.

Ben Edelman, an assistant professor at Harvard Business School, has contributed to a number of reports on typosquatting. He says most of the money is made by pornography sites hoping to lure unsuspecting visitors to their sexually explicit content. But many reputable companies are cashing in through typosquatting as well. Edelman says Google (Stock Quote: GOOG) is the main advertising service placing ads on typosquatting sites, with ads on more than 80% of the fake sites discovered. (Edelman is now part of a team of lawyers representing domain owners suing Google for violating trademarks.)

The Dangers of Typosquatting
Paller says there are three main dangers associated with typosquatting: theft of personal information and data, dangerous viruses and a slower, less responsive computer.

“Many scam sites can infect the victim's computer with malicious software that captures sensitive data and keystrokes [intended to provide data to legitimate] banking or other sites,” Paller explains. “The typosquatter then sells the banking credentials or uses it themselves to steal money from the user’s accounts.”

Protection tip: Experts say many fake sites are created to look just like the real one, so it’s important to check the URL carefully before entering any private information.

Paller says other sites can turn the victims’ computers into “spam machines” for which the typosquatter is paid. You’re forced to re-set your entire hard drive or pay for an expensive software program to rid your system of the spam.

How to Erase Typosquatters
Companies seeking to fight typosquatters can subscribe to services such as CitizenHawk’s “TypoSquasher,” which will search domains similar to a customer's URL and send automated “cease and desist” letters in cases of suspected fraud.

As for everyday Internet users, Paller says it’s important to keep your system's anti-virus programs up to date. He also says to run your browser with the open-source extension “NoScript” enabled. The program filters out suspicious URLs and neutralizes any malicious requests. More information can be found online at

Of course the easiest thing to do is to double-check your spelling every time you enter a web site address into your browser. The fewer people who stumble onto the fake sites, the less opportunities there are for typosquatters to make money. That simple step could protect you and your computer a lot of trouble.

Related Stories:

Scam Busters: Online Ponzi Schemes

Scam Busters: Shady Scholarships

Scam Busters: Caller ID Spoofing



—For the best rates on loans, bank accounts and credit cards, enter your ZIP code at

Show Comments

Back to Top