’tis the season to be squatting

In the run-up to Christmas, criminals are taking the opportunity to prey on online shoppers with tired eyes and weary fingers. Many thousands of misspelled versions of popular retail destinations have been registered in the hope that the unwary consumer will land there by accident. Customers of popular online retailers such as John Lewis, Debenhams and Argos have all been targeted.

Image from Joe Shlabotnik's Flickr stream under creative commons

The criminal websites are often copies of the legitimate website, copies that aim to pass off counterfeit goods, to redirect the visitor through money-spinning advertising links or to harvest personal and financial information if a “purchase” is made. In other instances the misspelled domain names can lead to objectionable content or even to websites loaded with exploits that aim to infect the victim's machine with information-stealing malware or to recruit it into a botnet, a network of compromised machines under the remote control of a criminal.
Typosquatting has been around almost as long as the World Wide Web; in fact US legislation dating back to 1999, the Anticybersquatting Consumer Protection Act, contains a specific clause (Section 3a) aimed at combatting this phenomenon. In the past individual companies have been known to spend large amounts of money bringing cybersquatters to justice. Lego, for example, have previously spent more than half a million US dollars pursuing cybersquatters through the Uniform Domain-Name Dispute-Resolution Policy (UDRP), going after such domain names as legoworskhop.com in an effort to protect their brand.
However, in this most recent outbreak of typosquatting we are not talking about domain names which simply include the names of well-known brands, but rather those that prey on our lack of attention to detail. In the rush to get the online Christmas shopping done, how sure can you really be that you were shopping at the legitimate debenhams.com rather than the typosquatted debanhams.com, or marksandspencer.com rather than marsandspencer.com or markandspencer.com? (I would recommend *not* visiting these, by the way.)
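An added example, not part of the original post: one way a web proxy or mail gateway could flag the near-miss names described above, by measuring keystroke-level edit distance against a watchlist. The watchlist entries and sample names come from the article; the function names and the distance threshold of 2 are assumptions.

```python
# Added example: flag hostnames that sit one or two keystrokes away from a
# protected retail domain. Watchlist and sample names are taken from the
# article; MAX_DISTANCE is an assumed threshold, not a published standard.

PROTECTED = ["debenhams.com", "marksandspencer.com"]
MAX_DISTANCE = 2  # assumption: 1-2 edits covers typical slips of the finger


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1,          # dropped character
                       cur[j - 1] + 1,       # extra character
                       prev[j - 1] + cost)   # wrong character
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two characters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def normalise(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check(host: str):
    """Return (protected_domain, distance) for a likely typosquat, else None."""
    name = normalise(host)
    if name in PROTECTED:
        return None  # exact match: the genuine site
    dist, target = min((osa_distance(name, p), p) for p in PROTECTED)
    return (target, dist) if dist <= MAX_DISTANCE else None


if __name__ == "__main__":
    for h in ["debenhams.com", "debanhams.com", "marsandspencer.com",
              "markandspencer.com", "WWW.Debenhams.com.", "example.org"]:
        print(h, "->", check(h))
```

A distance check like this only catches misspellings of names already on the watchlist, so it complements rather than replaces the bookmarking advice given later in the post.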
This year and last, British law enforcement have been doing their best to crack down on dodgy online shopfronts; however, efforts to suspend illegitimate domain names can only ever represent a game of whac-a-mole in the fight against evil online traders. Criminals can register vast reserves of domain names in advance and, when one gets shut down, simply activate another as required.
And that is the real issue: far too many DNS domains, including .co.uk and those of many other countries, are operated as “open” domains. In the words of Nominet:
“We do not impose restrictions on your status as applicant for the registration of a Domain Name in the following SLDs (“Open SLDs”):
4.4.1 .co.uk; or
4.4.2 .org.uk.
In the SLD Charter of the SLD Rules for the Open SLDs we do set out certain intentions regarding the class of applicant or use of registrations of the Domain Name which we assume you will comply with when applying for a registration of a Domain Name within an Open SLD. However, we do not forbid applications, and will take no action in respect of registrations that do not comply with the SLD Charters.”
Until regulation is tightened and international cooperation is improved, well-intentioned law-enforcement initiatives will only be treating the symptom, not addressing the cause.
In the meantime, be careful where you click, and if you are planning some serious online shopping sessions you may be wise to create yourself some bookmarks to popular online shopping sites rather than relying on your typing skills standing up to the Christmas rush.
On that note here are 5 great tips for shopping safely online from Trend Labs.

