Monday, April 14, 2008

Always Check your Spelling

Did you know that if you misspell the URL you are going to, you have a 1 in 14 chance of opening a rogue website? You run the risk of being infected somehow. And you will be helping a criminal to make money by fraud!

For the past several years, the cyber-villains have been "cyber-squatting" and "typo-squatting" - which is "the practice of registering domains that are usually common misspellings of popular brands, products, and people in order to profit from consumer typing errors."

Here are some of the more common ways people misspell:
  • swapped letters -
  • replaced letters -
  • inserted letters -
  • deleted letters -
  • missing dot -
The "bad" guys buy misspelled domain names of popular heavily trafficked sites. They usually buy from the registrars that offer "5-day free trial" domain names. They wait and see which ones generate the most traffic and then register them. They cancel the others and then sit back and wait on their clicks (and money) to start rolling in!

When you misspell a common URL, you will be directed to a site that is hoping you will click on one or more of its links. These links have been set up not to look like an ad but rather a necessary link related to the URL. Google's AdSense system of pay-per-click will eventually suffer from the negative publicity caused by this new fraud scheme. Users will stop clicking on those little Google ads common on websites.

These cybervillains tend to prey on the types of sites the naive and careless use, especially young children and teenagers. An intelligent person or an experienced user would never fall for it, right? Believe me, there is always that person who is more experienced and/or more intelligent than you. AND has a criminal mind and agenda!

In other words, be careful. You can never be too careful. Nowadays, the Internet creeps have forced us not to trust anyone any more and rightly so. I don't know one single person who regularly uses the Internet who hasn't been infected in some way.

The best advice is to be sure you have up-to-date security utilities in place. And USE them - run your scans, do your clean-ups, de-frag your system - I know it's a pain in the neck sometimes, but do it anyway!


McAfee conducted a very thorough test regarding the presence of squatters. The top 22 types of websites targeted for this fraud scheme are:
  • games
  • mainstream media
  • airlines
  • adult
  • technology
  • auto
  • security
  • children
  • music
  • shopping
  • news
  • entertainment
  • financial
  • fortune 500
  • gadgets
  • popular
  • travel
  • dating
  • celebrity
  • advertising
  • sports
  • fashion
They determined the following popular or common websites are particularly targeted due to their popularity. It's not that you need to avoid these sites - not at all - just be wary of the links you click while there. You may be fueling a criminal empire!

(NOTE: they are in no particular order)
Most search engines are trying to protect us by offering "did you mean..." when it suspects a misspelling. Yahoo even went so far as to buy/register all of its common variants in 1994 - it redirects the user to their home page instead. Microsoft offers a free tool that allows interested individuals the opportunity to find and analyze squatters.

Once again, my whole purpose of this blog is to keep us alert and teach us to be a lot less careless when using the Internet.

1 comment: