Typosquatting is the registration of domain names that closely resemble those of important websites or web services. The bet is that users who mistype or misread the name will land on the look-alike and assume they are visiting the well-known, trusted site. It usually involves small edits to the legitimate name (a dropped, doubled or transposed letter, or a neighbouring key hit by mistake), or swapping visually similar characters, such as 1 for l or 0 for O.
Security firm GFI has noted that the spam site rewardz.com has risen into the top 250 websites in Alexa's visitor rankings, and it attributes this largely to typosquatting on Twitter look-alike domain names. While many of the other big names, such as Google and Facebook, have registered likely typosquat domains defensively so that they cannot be misused, Twitter has not done so. GFI has found a number of look-alike names, such as twittter.com, twitterr.com and twutter.com, registered to attackers.
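The generator below is an added illustration and is not GFI's tooling or anything from the article. It enumerates the single-edit look-alikes of a brand label that the definition above describes (omission, repetition, transposition, adjacent-key substitution, visual substitution and insertion) and can be used either to build a defensive registration list or to flag observed domains against it; the three names GFI found, plus ttwitter, all fall out of it. The keyboard-neighbour table and the homoglyph map are assumptions, a small hand-built approximation rather than a full keyboard model.

```python
import string

# Assumption: approximate QWERTY neighbours for "fat-finger" substitutions
# (hand-built, not an exhaustive keyboard model).
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn",
    "n": "bhjm", "m": "njk",
}

# Assumption: visual look-alikes, the "1 for l, 0 for O" class from the text.
HOMOGLYPHS = {"l": "1", "i": "1", "o": "0", "e": "3", "a": "4", "s": "5"}


def typo_candidates(label):
    """Return the set of single-edit look-alikes of a DNS label (no TLD)."""
    label = label.lower()
    out = set()
    n = len(label)
    for i in range(n):
        # omission:        twitter -> twiter
        out.add(label[:i] + label[i + 1:])
        # repetition:      twitter -> twittter, twitterr
        out.add(label[:i] + label[i] + label[i:])
        # transposition:   twitter -> twitetr
        if i < n - 1:
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
        # adjacent key:    twitter -> twutter (u sits next to i)
        for c in QWERTY_NEIGHBOURS.get(label[i], ""):
            out.add(label[:i] + c + label[i + 1:])
        # visual swap:     twitter -> tw1tter
        if label[i] in HOMOGLYPHS:
            out.add(label[:i] + HOMOGLYPHS[label[i]] + label[i + 1:])
    # insertion of any letter anywhere: twitter -> ttwitter
    for i in range(n + 1):
        for c in string.ascii_lowercase:
            out.add(label[:i] + c + label[i:])
    out.discard(label)  # the genuine name is not a squat
    return out


def typo_domains(brand, tld="com"):
    """Sorted list of look-alike domains, e.g. for a defensive registration run."""
    return sorted(f"{c}.{tld}" for c in typo_candidates(brand))


def is_typosquat(domain, brand, tld="com"):
    """True if `domain` is a single-edit look-alike of brand.tld."""
    return domain.lower() in set(typo_domains(brand, tld))


def flag_lookalikes(observed, brand, tld="com"):
    """Filter a list of observed domains (e.g. from a CT log or passive DNS
    feed) down to those that are typosquats of the brand."""
    watchlist = set(typo_domains(brand, tld))
    return sorted(d for d in observed if d.lower() in watchlist)


if __name__ == "__main__":
    # Constructed sample feed, not real observations.
    feed = ["twutter.com", "twitter.com", "example.com", "TWITTTER.COM"]
    print(len(typo_domains("twitter")), "candidates for twitter.com")
    print("flagged:", flag_lookalikes(feed, "twitter"))
```

A single-edit list is deliberately narrow: it is the set a registrar-side defensive registration can realistically cover, and it catches every name quoted in the article. Monitoring feeds (certificate transparency, newly registered domains) should additionally be checked against two-edit variants and alternative TLDs, which this generator does not enumerate.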
The process, according to GFI, is that the false site sends the user through a redirect site that points on to the spam site. It gives the example of ttwitter.com pointing to secredir.com/?sov=ttwitter.com, which in turn points to video-rewardz.com?sov=124966. Note that the sov parameter visibly carries the originating typo domain, which suggests the operator uses it to account for which look-alike name produced each visit.
At the time of writing, twutter.com redirects to socialupdatecentral.com, which offers the chance of a free MacBook Air, iPhone or iPad in exchange for taking part in “a short survey of our users”. The deception is maintained by using Twitter's colours and typefaces, including a ‘thank you’ bar. The message also tries to feel personal by inserting the visitor's geographic location: “You’ve been selected from the nnnn region to take part.” It will take less than a minute, enhance your user experience and might get you a free MacBook; all you have to do is press the ‘Start Now’ button, which of course no user should ever do.