According to Rodel Mendrez of the firm, the problem occurs when you mistype in the web address of a popular page, such as YouTube, and you end up at a page with an online survey.
“You got confused and didn't expect this web page, but since the web site looks like the real YouTube, and you get a chance to win an awesome Macbook Air, iPhone 4 or an iPad 2, you decided to take the plunge anyway”, he says in his latest security posting.
“Welcome to typosquatting. Typosquatting is a form of cybersquatting where someone registers an intentionally misspelled domain name which is nearly identical to the target brand name and takes advantage of users who mistakenly enter misspelled domain names. Typosquatting is not a new phenomenon but it is widespread. Only last week the folks at OpenDNS observed a typosquatting scam driven off Twitter's domain”, he adds.
In the YouTube example, Mendrez reports that traffic is being directed to videorewardsonline.com, an online survey created just a few weeks ago, since when it has seen a major spike in traffic. And, he adds, there are a lot of other YouTube squats taking place.
At first glance, he notes, the survey site looks rather harmless, but it does harvest your email and mobile phone numbers, the latter of which allows the site to exhort the user into signing up for an auto-renewing text message subscription service – which is where they derive their revenue, Infosecurity notes.
“You can clearly see how the people behind this typosquatting scam take advantage of an organisation's strong visual brand to trick unsuspecting users in parting with their personal information. In this case, by imitating YouTube's look and feel, the scamsters piggyback on that brand's trust to make the rewards seem genuine”, he says.
“Be careful what you type in your browser's address bar, and always read the fine print to avoid being scammed”, he adds.