I woke-up on one morning a week or so ago, turned on my computer, started the coffee, and returned to my desk. I noticed an ad for Nordstrom’s half-yearly sale while reading some emails. The coffee maker beeped, I went to the kitchen and poured a cup. Still half-asleep, I returned to my computer and decided it was time to look at bathing suits and why not at Nordstrom? So I typed Nordstrom.com into my browser – only, it came out ‘nodstrom.com’. I expected to be redirected to the department store’s site but instead I was taken to a generic website asking me to take a survey.
My innocent web journey had been hijacked by a TYPOSQUATTER trying to separate me from my personal information with the possibility of a prize.
Once I got to work, I decided to recreate the typosquatting redirect on different browsers. Chrome and Safari redirected to http://super-savings.yamahaonlinestore.com/home.html?
Firefox redirected to http://global promotions.internationalredirects.com/home.html
For all three browsers, once I was redirected, I hit the ‘about us’ button. This is what I learned about the “us”, unidentified except for the name in the address bar supersavings.yamahaonlinestore:
“We are an online marketing company. We collect information about you when you visit and/or submit certain personal information through our website. This personal information may include, but is not limited to your:
- e-mail address;
- full name;
- mailing address;
- telephone number;
- date of birth;
- IP address;
- payment information;
- information about your background, interests, health, education, career goals, and shopping preferences; and
any other information which you provide to us through our website.”
That’s a lot of personal information – I mean, I guess you might win an ipad, right?
I decided to dig a little more – removing the ‘supersavings’ from supersavings.yamahaonlinestore to find out about the company “yamahaonlinestore”.
And I got what appears to be a cybersquatted website held by someone trying to capitalize off of legitimate Yamaha companies. Using Domain Tools, I was able to determine the registrant was probably a domainer since he/she owns over 400 other sites but also that the registration information for nodstrom.com is private.
This “private” registrant is redirecting Nodstrom.com to supersavings.yamahaonline and collecting information from anyone who, like me, didn’t have enough coffee before trying to get to Nordstrom to buy a swimsuit on sale.
“This is a great example of how, through multiple redirects, typosquatters and cybersquatters take advantage of brands – in this case, Nordstrom and Yamaha – to make money,” explains Josh Bourne, one of the two partners of FairWinds Partners. “Unfortunately, they’re making money by using a legitimate brand’s name to attract pay-per-clicks and data mining – which hurts the brand’s credibility and draws customers away from the legitimate sites. A strong domain portfolio evaluation, including reclaiming cybersquatted sites and redirecting those high-value sites to the websites of the brand, can result in an increase of traffic and therefore revenue for many companies that don’t even realize traffic is being siphoned away.”
I asked a FairWinds consultant to run some traffic for me. Nodstrom.com gets an average of 1165 pairs of eyeballs per month (over the last 12 months). In the most recent month, however, it got 1409 – perhaps because of the sale I was hoping to hit up. Sale or no, the siphoning of traffic – and with it, revenue – stands to get worse when more cyberspace opens up thanks to the new gTLD program. Cybersquatters and typosquatters could end up redirecting hundreds if not thousands of domain names in new top level domains (which could include, for example, .SHOP). In the meantime, to avoid reaching a cybersquatted website and being annoyingly re-directed, I recommend having plenty of coffee when signing-on in the morning.
- Cyber Monday 2018: Analyzing the DNS to Uncover Threats to Businesses and Consumers - November 25, 2018
- Beyond the Dot: Featured Speaker Scott Bradner discusses GDPR - March 28, 2018
- Cyber Threats on the Rise:Protect Your Brand - February 20, 2018