THE BLOG
11/27/2013 04:42 pm ET | Updated Nov 25, 2014

Cyber Safety on Cyber Monday

Last year on Cyber Monday, consumers spent $1.98 billion shopping online, topping Thanksgiving online sales by 17 percent. That's a serious amount of electronic traffic, which provides ample opportunities for bad actors to sneak their scams and fraudulent offers in among the deals. The best way to stay safe as you shop online this weekend is to be alert and aware of the realities of the Internet.

To look at some of the potential pitfalls facing shoppers this season, the Coalition Against Domain Name Abuse (CADNA) examined the registered typo variations of the top 100-trafficked websites as determined by Interbrand. We found 2,089 domain names in this category. We then examined the registration information and content for each domain.

The data showed that only 19 percent of the domain names resolved to the target content, which means the marketplace is full of bad actors trying to fool consumers.

So, as you go online to nab gifts for your loved ones (and maybe pick up something for yourself as well), here are a couple of common diversions and deceptions to watch for and navigate away from:

The Pay Per Click (PPC) Site

Pay-per-click (PPC) sites are the most common websites you'll come across on a typo domain --PPC advertisements are tools used to monetize the internet user traffic that arrives at a domain name. They are simple to set up -- there are companies that provide "parking" services that will automatically populate the site with advertisement links related to the domain name. 32 percent of domain names that CADNA examined fell into the PPC site category.

2013-11-27-PPCSite.png

Advertisers opt in to programs that post ads to websites -- for example, a cookware advertiser would do well to have its ad seen on a cooking blog -- and pay according to the number of clicks a particular ad receives. Whenever an internet user clicks on an advertising link, the advertiser pays a fee that is split between the company that provides the parking service and the domain name owner. In many instances this is a legitimate source of passive income for a domain name owner and an advertising boost for the advertiser. But on cybersquatted sites, retailers are basically paying cybersquatters for the retailer's own traffic. While these sites are minimally disruptive to internet users, they are like parasites, feeding off the good name and work of others, so it is still best to avoid them when you can.

The Scam/Malware Site

Chances are, you've had the experience of typing a domain name into your browser bar expecting to navigate to a brand or social media site, only to be met with prompts to enter information for a prize or, perhaps, prompts to download files from the website. Downloading an attachment from such a website means exposing your computer to harmful malware, which could extract personal information that could be saved on your computer.

2013-11-27-Scamsite.png

Two percent of the sites CADNA examined hosted scams or potentially harbored malware. Both scenarios could expose you to fraud or theft so don't fill out any personal information or download attachments from a website you're not familiar with or aren't in the habit of using in that way.

The "Affiliate" Site

Some brands offer affiliate programs, which allow third party website owners to post the brands' links and banners on the third party site or to send traffic to the brand's site directly through domain forwards (watch what happens in the browser bar -- you'll notice the redirect). In return, the owner of the site hosting the link receives a commission for every click-through that results in a purchase. These affiliate programs are meant to be mutually beneficial: Brands get traffic funneled to their sites, and their affiliates can earn a commission by providing that service. Three percent of sites examined were labeled as affiliate sites.

Affiliates are in violation of the brand's agreement, however, if they register and enroll trademark-infringing domains. Many sites on typo-domains are not operating under the authority of the target company. Take, for example twtter.biz:

2013-11-27-Affiliatesite.png

This may look like the page redirected you to Twitter, but logging in here takes you to a video on YouTube. Similarly misleading sites could do more than just redirect attention -- some sites dupe Internet users into divulging personal information, purchasing counterfeit goods (or goods that will never come at all), or expose their computers to harmful malware. Don't assume that a typo domain has the blessing of the brand it appears to be associated with. It is best to stick with a brand's clearly communicated domain names.

So don't let the tryptophan in your turkey lull you into a false sense of security. Be careful this holiday season: Only visit sites that have been clearly advertised. Double check the spelling in the address bar if something looks a bit off. Don't divulge personal information where you're not used to doing so. And don't download suspicious-looking attachments.

Happy bargain hunting!