Beware of 'typosquatting'!

Posted: Updated:
Facebook registered commonly misspelled versions of its site, like facebok.com, which redirect users to Facebook.com. (Source: 3TV/CBS 5) Facebook registered commonly misspelled versions of its site, like facebok.com, which redirect users to Facebook.com. (Source: 3TV/CBS 5)
(DATA DOCTORS) -

Q: I mistyped a web address while following setup instructions for my printer and ended up at a scam support site.  How can these guys get away with this?

A: One of the oldest tricks on the Internet is something called "typosquatting" or the registration of misspelled websites.

Because so many users manually type in web addresses every day, all it takes is one character to be off for this scam to be effective. Instead of going to your intended location, you'll end up at a potentially harmful site that may look close or even identical to the site you were seeking.

Is it legal?
Typosquatters aren't always using the misspelled sites for malicious activities and unless a trademarked name is part of the address, there are no laws being broken.

Registering commonly misspelled websites and redirecting the errant traffic to a legitimate website is perfectly legal and a common practice, especially by a competitor of a large brand.

[MORE: Data Doctors]

The more popular a website is -- like Facebook or Google -- the more likely there will be many misspelled versions of it registered to try to take advantage of sloppy spelling errors.

Typically sites that engage in malicious activities can be brought down by the company that's hosting the site, but it's so easy to switch to another host, create their own web servers or switch to another misspelled address in this ongoing game of "whack-a-mole."

Dangerous misspellings
Anyone who has ever been in a hurry when typing in a web address accidentally missed a letter like the c in ".com" or typed c before the "." in his or her haste.

The resulting web address ends with .om which is the country code for Oman. Hundreds of well-known names have been targeted by .om typosquatters.

Another well-documented domain that has popped up as a variety of scams over the years is "goggle.com" prior to Google's long battle to finally acquire the domain.

This highlights one of the problems with regulating website registrations. Clearly "goggle.com" benefited from the misspelling of "google.com" but because it's a generic word, it didn't violate any of Google's trademarks resulting in the long process of acquiring control of it.

Protecting yourself
The obvious tip is to slow down and make sure you're spelling things correctly. If it's a site you'll be visiting frequently, create a bookmark or shortcut to it for future visits.

If you aren't sure about the spelling of a website, type the web address in without .com so that it turns into a Google search. Google's autocorrect, page ranking algorithm or "did you mean" engine will kick in and most likely point you to the legitimate resource.

As far as legitimate support from a specific company goes, try typing the company's web address followed by /support (ex: hp.com/support) as this is a pretty standard method used by tech companies.

The best way for companies to protect themselves against typosquatting is to register the misspelled versions themselves and redirect the traffic to the proper address. Facebook, for instance, registered commonly misspelled versions of their site like facebok.com and facbook.com which redirects users to Facebook.com.  
 


Click/tap here to download the free azfamily mobile app.

Copyright 2017 KPHO/KTVK (KPHO Broadcasting Corporation). All rights reserved.