Q: I mistyped a web address while following setup instructions for my printer and ended up at a scam support site. How can these guys get away with this?
One of the oldest tricks on the Internet is something called typosquatting, or the registration of misspelled websites.
Since so many users manually type in web addresses every day, all it takes is one character to be off for this scam to be effective. Instead of going to your intended location, you’ll end up at a potentially harmful site that may look close or even identical to the site you were seeking.
Is it legal?
Typosquatters aren’t always using the misspelled sites for malicious activities and, unless a trademarked name is part of the address, no laws are being broken.
Registering commonly misspelled websites and redirecting the errant traffic to a legitimate website is perfectly legal and a common practice, especially by a competitor of a large brand.
The more popular a website is — think Facebook or Google — the more likely there will be many misspelled versions of it registered to try to take advantage of sloppy spelling errors.
Typically, sites that engage in malicious activities can be brought down by the company that’s hosting the site, but it’s so easy for the operators to switch to another host, set up their own web servers or move to another misspelled address that it becomes an ongoing game of whack-a-mole.
Anyone who’s ever been in a hurry when typing in a web address has accidentally missed a letter like the c in .com or typed the c before the period in their haste. The resulting web address ends with .om, which is the country code for Oman. Hundreds of well-known names have been targeted by .om typosquatters.
Another well-documented domain that popped up as a variety of scams over the years is goggle.com, prior to Google’s long battle to finally acquire the domain.
This highlights one of the problems with regulating website registrations. Clearly goggle.com benefited from the misspelling of google.com but, because it’s a generic word, it didn’t violate any of Google’s trademarks, resulting in the long process of acquiring control of it.
The obvious tip is to slow down and make sure you’re spelling things correctly. If it’s a site you’ll be visiting frequently, create a bookmark or shortcut to it for future visits.
If you aren’t sure about the spelling of a website, type the web address in without .com so that it turns into a Google search. Google’s autocorrect page ranking algorithm or “did you mean” engine will kick in and most likely point you to the legitimate resource.
As far as legitimate support from a specific company goes, try typing the company’s web address followed by /support (e.g., hp.com/support), as this is a pretty standard method used by tech companies.
The best way for companies to protect themselves against typosquatting is to register the misspelled versions themselves and redirect the traffic to the proper address.
Facebook, for instance, registered commonly misspelled versions of its site such as facebok.com and facbook.com, which redirect users to Facebook.com.
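For a company deciding which misspellings to register, the slips described above (a dropped letter, two swapped letters, the c missing from .com, or the c typed before the period) can be enumerated and compared with what it already owns. The sketch below is an added example, not taken from any company's tooling; the function names are hypothetical and it assumes a simple name.tld address.

```python
def typo_candidates(domain):
    """Map each single-slip misspelling of `domain` to the kind of slip.

    Assumes a plain second-level name such as "facebook.com".
    """
    domain = domain.lower()
    name, _, tld = domain.rpartition(".")
    found = {}

    # One letter left out (facebok.com, facbook.com).
    if len(name) > 1:
        for i in range(len(name)):
            found.setdefault(f"{name[:i]}{name[i + 1:]}.{tld}", "omitted letter")

    # Two neighbouring letters typed in the wrong order.
    for i in range(len(name) - 1):
        if name[i] != name[i + 1]:
            swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
            found.setdefault(f"{swapped}.{tld}", "swapped letters")

    # The two .com slips that land on Oman's .om country code.
    if tld == "com":
        found.setdefault(f"{name}.om", "dropped c in .com")
        found.setdefault(f"{name}c.om", "c typed before the dot")

    found.pop(domain, None)  # never report the real address itself
    return found


def coverage_gaps(domain, already_registered):
    """Return the misspellings the brand owner has not yet registered, sorted."""
    owned = {d.lower() for d in already_registered}
    return sorted(c for c in typo_candidates(domain) if c not in owned)


if __name__ == "__main__":
    # Constructed portfolio: the two defensive registrations named in the article.
    owned = {"facebok.com", "facbook.com"}
    kinds = typo_candidates("facebook.com")
    for candidate in coverage_gaps("facebook.com", owned):
        print(f"{candidate:20} {kinds[candidate]}")
```

The output is a review list for defensive registration or monitoring; it does not check whether anyone else has already registered a candidate.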