Misspelling goes criminal with typosquatting
Inaccurate spelling means more than poor marks at school; it is a billion-dollar business opportunity for typosquatters. At a single IP address, the AVAST Virus Lab has identified 8,600 typosquatting sites, all registered variations of well-known sites or brands. Two identifiable targets were the Craigslist online classified ad service and YouTube; other site addresses were parodies of Hotmail, Google, and YouTube – basically everyone.
After going to one of the identified typosquatting sites, visitors are redirected to one of several hundred “quiz” sites where they receive an offer of a “free” prize such as an iPhone. The sites typically make money through premium phone calls, selling advertisements, and reselling the emails collected from visitors.
Spelling errors are a huge moneymaker on the internet. A Harvard research paper estimated that a major search engine alone could be making nearly a half billion dollars annually just on pay-per-click ads from typosquatting sites. Add in the other search engines and the revenue from the sites identified by AVAST, and typosquatting could easily be a billion-dollar market.
“It is not technically malware, but it is online fraud and features like AutoCorrect in Microsoft Word have really let people get lazy with their spelling,” pointed out Jindrich Kubec, head of the AVAST Virus Lab. “The popularity of Craigslist with this one gang gives us a great sample set to demonstrate the types of spelling errors the bad guys are looking for.”
The Craigslist typosquatting focused on three basic spelling errors:
1. Reversed/omitted letters – indianapolis.criagslist.org
2. Wrong address format – craigslistpittsburgh.org
   Craigslist places the city name first, followed by “.craigslist.org”.
3. Wrong top level domain – craigslistaustin.com
   Craigslist, at least within the United States, uses the “org” top level domain, not the much more common “com”. Other countries use their own national code such as jp for Japan.
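The three error patterns above can be checked mechanically, for example when triaging hostnames from proxy or DNS logs. The following is an added example, not AVAST's code: the function names are hypothetical, the edit-distance threshold of 2 is an assumption, and the list of legitimate top level domains contains only the two the article names.

```python
# Added example: names, threshold and LEGIT_TLDS are assumptions drawn from the article's text.
BRAND = "craigslist"
LEGIT_TLDS = {"org", "jp"}   # only the TLDs the article names; extend for real use

def edit_distance(a, b):
    """Optimal-string-alignment distance: an adjacent-letter swap counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(hostname):
    """Return the article's error patterns found in hostname (empty set: canonical or unrelated)."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return set()
    sld, tld = labels[-2], labels[-1]
    findings = set()
    if sld == BRAND:
        pass                                   # brand label is spelled and placed correctly
    elif BRAND in sld:
        findings.add("wrong-address-format")   # city glued onto the brand label
    elif edit_distance(sld, BRAND) <= 2:
        findings.add("reversed-or-omitted-letters")
    else:
        return set()                           # not a lookalike of this brand
    if tld not in LEGIT_TLDS:
        findings.add("wrong-tld")
    return findings

if __name__ == "__main__":
    # Hostnames taken from the article, plus one in the canonical city-first format.
    for host in ("austin.craigslist.org", "indianapolis.criagslist.org",
                 "craigslistpittsburgh.org", "craigslistaustin.com"):
        print(host, sorted(classify(host)) or "ok")
```

Note that craigslistaustin.com is flagged for both the wrong address format and the wrong top level domain, since a single lookalike can combine several of the errors.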
Keeping safe from typosquatting depends on the individual user, with assistance from their antivirus program and search engine. “We block known typo and ‘quiz’ sites – several hundreds of them – so this is a big start,” explains Mr. Kubec. Beyond error-free typing, here are three tips for keeping safe from typosquatters that your English teacher never mentioned:
1. Know the correct address and domain before you start typing.
2. Go to sites through a search engine such as Bing or Google. This can reduce – but does not eliminate – the risk from a typo.
3. Think before you click or call – if you are offered a free iPod, maybe it’s not so free.