80% of mistyped URLs lead to typosquatting sites, says study

80% of mistyped URLs lead to typosquatting sites, says study

A new study has found that 80% of all mistyped domain names lead to bad-intentioned websites, set up specifically to capitalize on fat-fingered Internet users.

The ‘typosquatting’ trend has been a popular means for scammers to peddle off the good name of established brands for years now, as we reported in our cybersquatting feature from back in May.

The act of typosquatting involves people registering domain names that are similar to other popular domain names, but are different by a character or two. They then seek to capitalize on Internet users hitting the wrong key on their keyboard. Back in 2005, Google won the rights to googkle.com, ghoogle.com and gooigle.com, sites that had been set up by a Russian man to spread malware on users’ machines.

The new study by IT security and data protection company Sophos investigated every possible one-character typo of websites including Facebook, Google, Twitter, Microsoft and Apple, and with the results now out, Sophos is cautioning computer users to be careful how they type.

Sophos analyzed typosquatting targeting its own website and those of five big digital brands, and then looked for registered websites for every single one-letter typo of the company name: one letter omitted (e.g Sopos), one letter mistyped (eg Sphos), or one letter added (Ssophos).

The study revealed that there is a significant typosquatting ecosystem around high-profile, often-typed domain names. A massive 86% of the possible one letter mis-spellings of the Apple homepage led to typosquatting sites, followed by Google (83%) and Facebook (81%).

The highest proportion of the typosquatting sites – 15% – led to advertising sites. Cybercriminals register mis-spelled domain names to make advertising revenue every time someone mis-types the name of a popular site.

“It’s so easy to mistype a URL, and it’s inevitable that from time to time you will end up on an unintended website. In the worst cases, careless typing can lead you to a criminal website designed to steal your identity or phish your credentials,” said Graham Cluley, senior technology consultant at Sophos.  “A good idea is to bookmark your favourite websites rather than rely upon your fingers working correctly.”

As you can see from the chart above, the USA topped the typosquatting hosting list by some distance, with nearly two-thirds of the servers located Stateside, followed by Germany, China and the UK. The British Virgin Islands and the Cayman Islands which are offshore financial hubs, made it into the top dozen.

You can read more about the Typosquatting study on Sophos’ IT security blog. Meanwhile, here’s a video explaining a little bit more about the research and to remind users to “type carefully this Christmas.”

Read next: Launching in beta? Lure in users with BetaBait