2 min read

Beware of typo-squatting domain names on Cyber Monday

Security

More than 80 per cent of typo-squatted domain names associated with holiday shopping receive significant levels of traffic and contain phishing scams, malware, or pay-per-click advertising, according to a recent study of top internet retailers.

The study, conducted by FairWinds Partners, analyzed thousands of typo domain names related to 50 of the top brands included on Internet Retailer’s Top 500 companies list.

“Traffic measurements show that people are still visiting typo-variations of brand name Web sites in significant numbers, despite the growing popularity of mobile apps and search engines for online navigation. And many of these people are at risk of becoming victims of identity theft or having their computers damaged by malware as a result of these sites,” explained Joshua S. Bourne, domain name expert at FairWinds and author of the study.

Consumers should pay extra attention to online scams around the holidays, the Better Business Bureau recently advised, and the internet shopping frenzy officially begins on November 28, a.k.a. “Cyber Monday.”

One example associated with typo-squatted domain names is barnesandnobles.com. The actual Web site name is without the “S” at the end. Or you can type in bn.com.

As of the date of this release, this third-party owned domain name is serving up rotating malicious content, including pages claiming to have locked users’ files and demanding payment to release them or inviting users to click to download the latest Adobe Flash Player. Instead of receiving the promised download, the visitor’s device is compromised.

People aren’t the only victims of this type of cyber-squatting. In addition to harming customers and damaging brand reputation, pay-per-click advertising represents lost business opportunities as visitors are diverted to other websites.

Bourne recommends that companies protect consumers, their brands, and their profits by taking immediate action against typo domain names with the most malicious content, such as malware and phishing scams. For domain names owned by third parties that do not contain malicious content, but undermine the brand by diverting visitors to a competitor or driving up customer acquisition cost, Bourne recommends carefully targeting a more limited and objectively quantified set of domains to acquire.

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment