Typosquatting (also known as cybersquatting or url hijacking) is the deliberate act of registering misspelt popular website domains, to capitalise on internet users accidently typing incorrect characters for a website address into the address bar of a web browser.
Instead of visiting the correct website, users will be taken to an alternative website intended for a variety of malicious purposes, including the theft of personal information, fraud and the installation of malicious software.
A recent study by cyber security company Sophos found that typosquatting is still a huge industry and there are a significant number of fake domains registered, including sites targeting users of popular websites such as Google, Facebook, Twitter, Microsoft and Apple. Specifically, it was found that 80% of all possible one-character variants of Facebook, Google, and Apple website domains are registered.
The issue of typosquatting is not new but can seriously impact individual users as well as businesses, organisations and government websites across the globe.
Although there are solutions including the legitimate purchase of common misspelt domains as part of brand protection, this could amount to hundreds of possible domain name variants which might not be practical or cost effective, particularly for small businesses.
Individual users are advised to double check their url spellings before accessing a website. It is also advisable to bookmark favourite websites and, if in doubt, check url spellings in a popular search engine to make sure they are correct.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.