• United States



by Sophie Curtis

Typosquatters Target Christmas Shoppers: Websense

Dec 14, 20112 mins
Data and Information SecuritySecurity

Cybercriminals are tageting fumble-fingered online shoppers

As online shoppers rush to buy presents in the run up to Christmas, security researchers have put out a warning to beware of “typosquatters,” who prey on cack-handed typists that misspell domain and website names.

In particular, customers of major high-street brands such as Argos, Debenhams, and John Lewis are falling victim to cybercriminals that target mistyped web addresses. With British consumers expected to spend 3.72bn online this Christmas, this typosquatting is becoming an extremely lucrative business.

Websense claims to have discovered nearly 2,000 typosquatted domains, including: “debenahams”, “johlewis” and “argoss.” Typing these domains often leads to a page imitating the retailer in question, and encourages users to enter their credit card information. Alternatively, the site might inject malware or infect the user’s system with spyware.

It also claimed that cybercriminals are registering variants of legitimate sites with false suffixes such as ‘.org’ or ‘.net’. In October, Websense noticed that cyber criminals were registering huge numbers of fake website domains in preparation for the Christmas shopping spree.

“Cybercriminals are scary smart at enticing Christmas shoppers to unwanted sites,” said Elad Sharf of Websense Security Labs. “Whilst this looks like a consumer problem, typosquatting also puts company confidential data at risk as many employees shop from work computers at lunchtime.”

Sharf said that, while careful typing can help ensure company machines are not compromised by staff using them for online purchases and other non-work related activity, it will never be enough on its own. He recommends that companies install real-time email and web security, along with solutions that prevent theft and loss of confidential information. “That way you can stay safe no matter how bad a tyspist yu aree,” he added.

A similar issue has arisen over the launch of the adult .XXX domain by ICM Registry. Many have argued the .XXX domain is a burden for businesses that wish to protect trademarks against domain squatters, who can otherwise buy trademark domain names under the .XXX top-level domain.

Websense’s security predictions for 2012 highlight the growing risks of social engineering, mobile device attacks and SEO poisoning. The full list can be found here.