Security Bytes

Dec 20 2011   3:25PM GMT

Typosquatter hive targets holiday shoppers


Every year the holiday season is a boon to typosquatters, who use scams to phish sensitive information from unsuspecting users or to peddle rogue antivirus software.

By Hillary O’Rourke, Contributor

With the hassle of finding the best deal and coping with the constant crowds, online shopping has never been more popular for the holiday season. But with that ease comes a warning from Websense: keep an eye out for online scams, particularly typosquatted sites.

Researchers at security research company Websense, Inc. are warning online holiday shoppers about typosquatted domains: domains that cybercriminals have registered as virtual but malicious copies of familiar sites, in hopes of taking advantage of those who misspell the URL.

Websense researchers claim they’ve recently found more than 2,000 typosquatted online domains. Websense published a list of domains it found as part of a network of typosquatters attempting to pose as legitimate UK brand-name sites. Websense said it has a “list of hundreds of hosts that are part of a typosquat hive (the hive itself contains thousands of hosts), and all of them are hosted in the US. We call it a hive because all of the listed hosts have a connection, and were most likely set up by the same cybercriminals.”

Researchers are also claiming that although the brand names may be spelled correctly in the domain, cybercriminals have created sites with the “.org” or “.net” domain suffixes as well. They added that they’ve seen a recent influx of these fraudulent domains in preparation for the holiday season.

The attackers often use these websites in fake emails and phishing sites in an attempt to lure consumers to claim online coupons. After a user clicks on the provided link, a pop-up shows up in another window with a different offer.

It’s important to remember that legitimate websites and the companies behind them sometimes employ a strategy of buying typosquat hosts that are similar to their site’s name. This is a good strategy for successful websites, as those companies usually understand the dangers of typosquatting and how their brand name can be affected and abused. Kudos go to Amazon, which registered a good number of potential typosquat hosts, including aqmazon (dot) com, amaxzon (dot) com, amzon (dot) com, and many more. These are all GOOD hosts registered by Amazon itself, leaving no chance for abuse as long as they remain registered to Amazon.
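The two patterns described above (a misspelled brand label, and a correctly spelled brand under a different suffix) can be checked for in proxy or DNS logs. The following is an added example, not Websense's or Amazon's code; the function names, the `OWNED` allowlist and the sample hostnames are constructed for illustration, with the Amazon typo hosts taken from the paragraph above.

```python
BRAND = "amazon.com"  # brand domain to protect, from the article's example
# Constructed allowlist: typo hosts the article says Amazon itself registered.
OWNED = {"aqmazon.com", "amaxzon.com", "amzon.com"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("amzaon" vs "amazon") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host, brand=BRAND, owned=frozenset(), max_dist=1):
    """Return 'tld-swap', 'misspelling' or None for one observed hostname."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return None
    # Assumption: single-label suffixes only; multi-label suffixes such as
    # .co.uk need the Public Suffix List to find the registered domain.
    label, tld = parts[-2], parts[-1]
    registered = f"{label}.{tld}"
    b_label, _ = brand.split(".")
    if registered == brand or registered in owned:
        return None  # the real site, or a defensive registration
    if label == b_label:
        return "tld-swap"  # brand spelled correctly under another suffix
    if osa_distance(label, b_label) <= max_dist:
        return "misspelling"
    return None

if __name__ == "__main__":
    # Constructed sample of hostnames as they might appear in a proxy log.
    for h in ["www.amazon.com", "amazon.net", "amzon.com", "amzaon.com", "example.org"]:
        print(h, classify(h, owned=OWNED))
```

A flagged host is only a candidate for review: the allowlist has to be kept current with the brand owner's own registrations, since those look identical to hostile typosquats by name alone.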

Typosquatting is used to quickly gain advertising revenue from sites receiving a high volume of accidental traffic. More recently, however, it’s often more about collecting as much information as the cybercriminals can get. With the holiday season in full swing, cybercriminals should expect to see success in both of those areas.

As Websense says, it’s all “to ensnare the unaware.”
