Q: I mistyped a web address while following setup instructions for my printer and ended up at a scam support site. How can these guys get away with this?
A: One of the oldest tricks on the internet is something called 鈥渢yposquatting,鈥 the registration of misspelled websites.
Because so many users manually type in web addresses every day, all it takes is one character to be off for this scam to be effective. Instead of going to your intended location, you鈥檒l end up at a potentially harmful site that may look close or even identical to the site you were seeking.
Is it legal?
Typosquatters aren鈥檛 always using the misspelled sites for malicious activities, and unless a trademarked name is part of the address, no laws are being broken.
Registering commonly misspelled websites and redirecting the errant traffic to a legitimate website is perfectly legal and a common practice, especially by a competitor of a large brand.
The more popular a website is, like Facebook or Google, the more likely there will be many misspelled versions of it registered to try to take advantage of sloppy spelling errors.
Typically, sites that engage in malicious activities can be brought down by the company that鈥檚 hosting the site, but it鈥檚 so easy for them to switch to another host, create their own webservers or switch to another misspelled address in this ongoing game of 鈥渨hack-a-mole.鈥
Dangerous misspellings
Anyone who鈥檚 ever been in a hurry when typing in a web address has accidentally missed a letter like the 鈥渃鈥 in 鈥.com鈥 or typed 鈥渃鈥 before the 鈥.鈥 in their haste. The resulting web address ends with 鈥.om,鈥 which is the country code for Oman. Hundreds of well-known names have been targeted by .om typosquatters.
Another well-documented domain that has popped up in a variety of scams over the years is 鈥済oggle.com,鈥 before Google鈥檚 long battle to finally acquire the domain.
This highlights one of the problems with regulating website registrations. Clearly 鈥済oggle.com鈥 benefited from the misspelling of 鈥済oogle.com.鈥 But because it鈥檚 a generic word, it didn鈥檛 violate any of Google鈥檚 trademarks, resulting in the long process of acquiring control of it.
Protecting yourself
The obvious tip is to slow down and make sure you鈥檙e spelling things correctly. If it鈥檚 a site you鈥檒l be visiting frequently, create a bookmark or shortcut to it for future visits.
If you aren鈥檛 sure about the spelling of a website, type the web address in without 鈥.com鈥 so that it turns into a Google search. Google鈥檚 autocorrect, page-ranking algorithm or 鈥淒id you mean?鈥 engine will kick in to most likely point you to the legitimate resource.
As far as legitimate support from a specific company goes, try typing the company鈥檚 web address followed by 鈥/support鈥 (e.g., hp.com/support) as this is a pretty standard method used by tech companies.
The best way for companies to protect themselves against typosquatting is to register the misspelled versions themselves and redirect the traffic to the proper address. Facebook, for instance, registered commonly misspelled versions of their site, like 鈥渇acebok.com鈥 and 鈥渇acbook.com,鈥 both of which now redirect users to Facebook.com.
Ken Colburn is founder and CEO of . Ask any tech question on or .
