View All Cybercrime

Typosquatters exploit misspelled variations of YouTube.com domain name

By Rodel Mendrez  •  September 8th, 2011  •   Cybercrime

Here is a scenario that may sound familiar to you. You were in front of your computer one night and decided to watch some YouTube clips. So you opened your favourite browser and because you have clumsy fingers, instead of typing “YouTube.com” in the address bar you entered “YoutTube.com”.  A second later, a Web page loads up, but instead of YouTube’s homepage, the page redirects you to an online survey. You got confused and didn’t expect this webpage, but since the website looks like the real YouTube site, and you get a chance to win an awesome Macbook Air, iPhone 4 or an iPad 2, you decided to take the plunge anyway.

 

Welcome to typosquatting. Typosquatting is a form of cybersquatting where someone registers an intentionally misspelled domain name which is nearly identical to the target’s brand name and takes advantage of users who mistakenly enter misspelled domain names. Typosquatting is not a new phenomenon but it is widespread. Only last week the folks at OpenDNS observed a typosquatting scam driven off Twitter’s domain.

In our YouTube example, traffic is redirected to the “online survey” website videorewardsonline.com when the user enters YoutTube.com. According to Alexa.com, the domain videorewardsonline.com was only created on August 24 and has had a rapid spike in traffic with a 29% increase in the percentage of global page views. We believe this spike was due to users being redirected by typosquatted domain names.

We have found the following misspelled variations of “YouTube” domains redirecting to either, a “survey” website, or to an online dating website.

Yotube.com

Yutube.com

Yuube.com

Youtbe.com

Youtue.com

Youtub.com

Youube.com

Tubeyou.com

Yutbe.com

Outube.com

Yotub.com

Yutub.com

Youtbue.com

Youttube.com

Yyoutube.com

The survey website also caters for localized versions of itself. It utilizes the IP address geolocation to make it appear more convincing. In the screenshot below, a German webpage is shown if you are located in Germany.

At first glance, the survey website looks rather harmless. However, in order to participate and “win” prizes it requires entering your email and mobile number. At this point you may feel that this is starting to look somewhat dodgy.

 

However, the worst part comes after you enter your mobile number. The screenshot below shows that main purpose of the “survey” is to convince people to subscribe to an auto-renewing SMS subscription service which will be charged to the user’s phone bill.

 

You can clearly see how the people behind this typosquatting scam take advantage of an organization’s strong visual brand to trick unsuspecting users in parting with their personal information. In this case, by imitating YouTube’s look and feel, the scamsters piggyback on that brand’s trust to make the “rewards” seem genuine.

Be careful what you type in your browser’s address bar, and always read the fine print to avoid being scammed.

 

Tags:    |    |    |    |  

Comments are closed.