McAfee SiteAdvisor Blog

Is your typing absolutely perfect? Of course not. It's easy for anyone to enter gogle for google, or tahoo for yahoo. Many of these misspellings are totally harmless. Tahoo is a green rated Japanese site. Anyone who visits it by accident quickly notices their mistake and heads for Yahoo instead.

But that's not always the case. As with so many other Web safety mistakes people make, there are people out there waiting to take advantage. One of the most common scams is called typosquatting - the act of buying up common misspellings and waiting for people, and profit, to stumble in. When someone arrives at the page by accident, the squatter typically shows them ads, hoping to make a few cents if someone clicks on one. As more people click on on the ads, those cents add up. It doesn't take a lot of traffic to make a profit. According to an analysis by Microsoft a parked domain needs only one unique visitor every two days to cover its basic costs.

Because typosquatters are sites people usually want to avoid, and because they sometimes bring users to even less savory locations or show pornographic ads, SiteAdvisor recently started rating them yellow. We wanted to share a few interesting finds.

One domain site that's attracted a lot of typosquatters is the mortgage site LendingTree. In fact, we found 77 misspellings designed to cash in on LendingTree's popularity. There's big money to be made in mortgage referrals, so it's not surprising that there are a lot of people seeking to cash in, ethically or not. Let's start with lewndingtree.com, a rather typical typosquatter: it's just a placeholder page full of mortgage and home-finance related advertisements. For some people, that's mildly annoying, but it's not too difficult to notice and head back the other way. However, some fraction of lendingtree.com searchers will click on one of these sponsored links which in turn will pay the owner of "lewndingtree" a fee. Since they don't fill the screen with popups or try to compromise a visitor's computer, we count them as merely annoying.

A typosquatting web page with advertisements.

Another common variation is redirecting users to the site they meant to go to, but charging the destination for the service. In this case, the consumer doesn't suffer, but LendingTree does, because it pays the parasite for the traffic. For example, "lsndingtree.com" redirects to a LendingTree page with affiliate-tracking in the URL. In other words, they're billing LendingTree for a new customer referral as though they had made a recommendation the user actually considered-- while that user was already going to the site anyway!

Other redirects include lenndingtree.com, which immediately sent us to a site advertising a very expensive exercise contraption, and le.ndingtree.com, which seemed to be full of ads for different kinds of tree-related advice and services. It just seems totally bizarre to serve these kinds of off-topic ads when you know your victims want to hear about mortgages. Perhaps it didn't make sense to the typosquatters, either: the first site disappeared some time last week.

We were redirected to this page from another typosquatter.

Of course, that doesn't mean that every typo is an invitation to trouble. For example, Google owns gogle.com, which redirects visitors to the main Google page without a word. Still, no matter how many misspellings they do buy, legitimate Web sites can't get all the variations on their names, and there are plenty of targets: the owner of "lsndingtree.com" also owns a similar site, "hritishairways.com," aimed at poaching traffic from British Airways.

In the future, we'll look at other aspects of typosquatting from the economics of typosquatting to the science of picking which misspellings will get the most traffic. In the mean time, be extra careful typing the URL for financial services sites.