Internet surfers who misspell the name of a popular website have a one in 14 chance of landing on a site owned by someone trying to capitalize on your poor typing skills, a McAfee report revealed today.
The URLs of these "typo-squatting" sites typically are a letter off to the real thing – for instance, Iohone[dot]com or google[dot]cm. But instead of legitimate content, they contain pay-per-click advertisements, McAfee said in the research report, which studied 1.9 million typographical variations of 2,771 of the most trafficked websites.
So instead of being delivered to Apple's webpage designated for information and sales on the iPhone or Google's popular search engine, a simple press of the wrong key may bring a user to a parked site that contains rows of advertising links. Most of these sites do not contain malicious content, such as malware, although 2.4 percent lead to pornographic sites, according to the McAfee study.
"It is a site trying to capture traffic designed for a well-known product, company or person and it's doing it by registering one, dozens and sometimes hundreds of spelling variations," McAfee research analyst Shane Keats told SCMagazineUS.com today. "The existence of typo-squatters proves that people make money on typo-squatting."
The registrants of these sites profit through ad networks, notably Google AdSense, which offers text-based ads relevant to site content pages. Typo-squatters earn roughly a quarter each time a user clicks on one of the ads, which typically relate to the product or service the user wants, experts said.
"Google releases advertising into their syndication network," Josh Bourne, president of the nonprofit Coalition Against Domain Name Abuse (CADNA), told SCMagazineUS.com today. "It can appear on any type of website that Google syndicates its ads to, and those include pay-per-click websites."
Sites for games, airlines, mainstream media and adult content are the most commonly squatted internet destinations, and more than 60 percent appeal to the 18-and-under demographic, the McAfee study showed.
"Some of these sites can be quite deceptive," said Ben Edelman, an adware researcher and an assistant professor in the Harvard Business School. "You type one thing and you get taken to another page where they're offering you something different."
Edelman told SCMagazineUS.com that creating one of these sites takes nothing more than a few dollars to register a domain name which shares a likeness to a legitimate site.
"It's a business with very low barriers to entry," he said.
But careless typists would not have to worry if it weren't for ad networks, such as Google, he said.
Edelman is representing Vulcan Golf, which sued Google this summer. The St. Charles, Ill.-based golf club manufacturer filed the suit on behalf of all sites who believe they are victims of trademark and copyright infringement due to cybersquatters.
"None of this would happen if the typo-squatters couldn't make money," Edelman said. "They're only doing this to make money. The natural question is, ‘Who is paying for it?' When you look at it that way, all arrows point to Google."
A Google spokesman did not immediately respond to a request for comment.
Meanwhile, Keats said that fighting typo-squatting sites takes a lot of time and money. As an alternative, he suggests that users be careful when they type domain names into the address bar and may instead opt for using search tools, many of which automatically generate a correction request should a popular search term be misspelled.
"If you end up at a typo-squatted site, resist the urge," he said. "They're designed to get you to do another click…You honestly don't know where you're going to end up."
