Typos can expose you to more than you may realize
by Steve Ragan - Feb 24 2009, 17:00
Have you ever gone to visit a Web site and mistyped the URL? Suddenly you're bombarded with ads and pop-up screens and, in the worst-case scenario, malware. Graham Cluley from Sophos posted a blog highlighting a typo for Wikipedia that leads users to a survey, but what if it was something else entirely?
Starting with the blog post by Cluley, one of his readers sent him an e-mail about a recent issue when visiting Wikipedia.org. It turns out that his reader mistyped the URL, using "wikpedia", which led him to a domain that appears legitimate until you look closer.
The images below are from the same site Cluley talks about. When The Tech Herald visited the page, the first thing that became clear is that there is an iframe in use, as you can see in the source code. The second aspect is that the survey is a generic affiliate link. In this case, the domain is simply annoying or risky at best, because it asks for personal information.


Cybersquatting, or Typosquatting, is a big business online. Millions of pages exist filled with ads and other junk in the hopes someone will make an error and hit the page and view ads. Sometimes the pages will use search links that lead to the correct domain, but once clicked to correct the error, the owner of the site is paid. There are even tools designed to help Webmasters register typo domains before anyone else.
So there are known risks for visiting mistyped domains, either information-related risks or malicious risks. That leaves two questions just begging to be asked: how can I better manage my online experience and mitigate some of the risks, and how will I know if it's a typo site?
How do you know if a page is a typo page? Odds are you know the site you're looking for. If the page that displays is radically different from what you're expecting to find, check the URL and make sure it contains no incorrect characters. If the page is filled with ads, search links, and a basic or simplistic design that appears to be a single page, then it's likely to be a placeholder and a typo-related domain.
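The URL check described above can also be done mechanically. The sketch below is an added example, not part of the original article: it compares a typed address against a short list of sites the user already knows, counting a dropped, extra, wrong or swapped character as one edit. The `KNOWN_SITES` list and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the user actually intends to visit.
KNOWN_SITES = ["wikipedia.org", "google.com", "sophos.com"]

def hostname_of(typed):
    """Reduce whatever was typed in the address bar to a bare hostname."""
    typed = typed.strip().lower()
    if "://" not in typed:
        typed = "//" + typed          # let urlsplit treat it as a network location
    host = (urlsplit(typed).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def osa_distance(a, b):
    """Edit distance allowing insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring characters typed in the wrong order count once.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check(typed, max_distance=1):
    """Return ('known' | 'possible-typo' | 'unknown', matching site or None)."""
    host = hostname_of(typed)
    for site in KNOWN_SITES:
        if host == site or host.endswith("." + site):
            return ("known", site)     # exact match or a subdomain of a known site
    dist, site = min((osa_distance(host, s), s) for s in KNOWN_SITES)
    if dist <= max_distance:
        return ("possible-typo", site)
    return ("unknown", None)

if __name__ == "__main__":
    for typed in ["wikpedia.org", "en.wikipedia.org", "gogole.com", "example.net"]:
        print(typed, "->", check(typed))
```

A "possible-typo" result only means the name is one keystroke away from a known site; it says nothing about what the page at that address contains.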
Regarding mitigation, the short answer is that you can’t mitigate. If you type something too quickly into the address bar, or don't know the proper spelling of a company name or site, then you stand a chance of seeing one of the typo-related domains. However, when unsure, use Google. Google will suggest terms for you and, with common company names or domains, correct the spelling for you.
You can couple this with a service like McAfee SiteAdvisor or WOT through your browser. These will help avoid risky sites and search results. Another trick is to use the address bar in your browser.
Depending on your choice of terms and browser settings, entering a search term in the address bar on most major browsers will take you either to the most likely result for the site you are looking for or to a Google search results page, often correcting typos in the process. Using the 'wikpedia' site from Cluley’s blog as an example, Firefox went directly to the correct Web site, directing the browser to en.wikipedia.org.
If you do come across a typo page, click on nothing. Don’t take a survey, don’t hand out any personal information, and certainly don’t install or download any offered software.
Trust your gut instinct: if you're doubtful about a site, then leave it well alone.
