One of the many reasons more than 30 million people around the world choose OpenDNS is a feature called automatic typo correction.  It works by automatically redirecting common typos in top-level domains (.com, .net, .edu, etc.) to the right place, so if you type www.google.cmo, and that domain doesn’t exist, we just automatically take you to www.google.com.

Although this feature helps with a tremendous amount of typing mistakes and enables people to stay on-course online, an increasingly popular phenomenon called typosquatting means there are still typos we can’t fix, some of which are much more precarious than a dead end.  Typosquatting is what happens when someone registers a domain that’s nearly identical to that of a popular brand: Twtter.com and Twitter.com, for example. It banks on the idea that a fast-fingered typist may not notice that she’s arrived at the unintended site due to an omitted “i”. And since the typo exists in a real, registered domain, we don’t interfere.

Screenshot
Twtter.com is a particularly tricky example. In the case of this site, the typo — an omitted “i” — might not even be apparent at first glance.  The people who run this site are clearly trying to capture typo traffic destined for Twitter.com.  And regardless of the fact that the site has a URL redirect (the domain in the address bar changes after the site has been resolved), the blatant use of Twitter’s well-known design themes prove the site is aiming to fool people into thinking it’s the real website of Twitter.

Typosquatting is not new, but this sort of high-polish, branded version seems to be on the rise.  In the case of Twtter.com, the Twitter.com imposter, the site’s entire function is to get your contact information. A very appealing offer is presented to answer two survey questions and get what is, by all accounts, an awesome prize: an iPad2. It’s unclear what will happen with your personal information once it’s in the wrong hands — it could range anywhere from being used to send SMSs to your cell phone that you get charged for or simply selling your email address.

As with any online threat, protecting yourself and those people using the networks you manage starts with education.  Here are three tips for outsmarting typosquatting:

1. Use OpenDNS:  It’s the only service that will automatically correct common typos in TLDs, and help ensure you end up at the website you want.  OpenDNS solves a large portion of the problem, and also automatically blocks phishing websites.

2. Watch the address bar:  Legit websites rarely do redirections like Twtter.com does.  Keep an eye on what the site is doing and note suspicious redirects.  Also simply note the URL of the website you’re visiting after you’ve been taken there. Is the site the one you wanted? Did you make a typo?

3. Don’t share your personal information:  If a website offers you a chance to win a prize, simply for providing personal information or taking a survey, be skeptical.  You should never share your personal information online unless you’re on an extremely trusted website.

For businesses, schools and households alike, online safety is of the utmost importance. And it’s all about education.  Know what to look for and you can outsmart much of the bad stuff.  And use OpenDNS and tell others to do the same.

We’d love to hear your thoughts:  We’re considering an opt-in service that would let people avoid these kinds of unintended redirections.  Even in cases like that of Twtter.com, where technically it’s a real, registered website.  What do you think?  Would you use such a service?

This post is categorized in: