Orbitz Typosquatter

Posted by on Feb 11, 2013 in Affiliate Fraud, Mad Monday, Typosquatting

We have discussed typosquatting enough to know that it is most definitely not a solved problem.

Today’s example brings nothing new to the table, but it’s interesting nonetheless. Type orbuitz.com (a fat-fingered typo of orbitz.com) into your browser and you will be redirected through to orbitz.com via an affiliate link (Google Affiliate Network pubid=21000000000018829). Since the Google Affiliate Network is involved, this typosquatter will be paid a commission in the event that the user who typed in orbuitz.com makes a purchase from orbitz.com.

The typosquatter in this scenario may insist that he is providing a service to Orbitz

“Hey I’m just helping users who made a mistake get to your site!”

You and I know that’s absolute drivel. Had the typosquatter not registered the domain, then any modern browser would have detected that it does not exist and sent that off as a query to a popular search engine, resulting in organic traffic flowing as it rightfully should through to the merchant. The traffic belongs to the merchant. The traffic should not have to be paid for. End of story.

Does Orbitz have a relationship with this Typosquatter?

The surprising part about this little example is that Orbitz probably does have a relationship with this typosquatter.

What are you talking about?!

Orbitz (the merchant) probably sees great conversions from the typosquatter (an affiliate), so they don’t question the source of the traffic. They don’t have any reason to do so, you see, for the typosquatter is laundering the traffic before sending it through to Orbitz. Shock!

Using this packet log as a reference, here’s how this works:

  1. User enters orbuitz.com into the browser
  2. This 302 redirects to http://www.linkcounter.com/go.php?linkid=297379
  3. Linkcounter.com then 302 redirects to http://www.e-o-k.com/otbr.htm
  4. JavaScript on the e-o-k.com page waits half a second and then fakes a click on an Orbitz affiliate link!
function link()
{
  setTimeout("document.getElementById('mylink').click()",500);
}

The net result is that Orbitz is seeing the traffic come from e-o-k.com and not the typosquatter domain.

I give this typosquatter a 2/10

  • 1 point for basic typosquatting
  • 1 point for laundering the click through e-o-k.com

Oh my, what a bad score. Lots of room for improvement here!

« »

6 Comments

  1. Jamey
    February 12, 2013

    Hey Wesley or Brandi…dont u think this is click jacking as well coz i noticed the forced click seems to be a google ad…strange!

  2. wesleyb
    February 12, 2013

    Nope. This is not click jacking as I understand it (the user is not tricked into clicking anything). This is a forced/automated click on a Google Affiliate Network link.

  3. BrandVerity
    February 12, 2013

    Great find, Wesley. Unfortunate that this exists—but we’re glad someone is discovering such issues.

    Regarding the comments above, you’re almost certainly right. There isn’t much to indicate that this came from an ad. Neither in display nor search. We’re not at liberty to discuss in too much detail, but we work with Orbitz and their monitoring policies don’t indicate any of the behavior that Jamey mentioned.

    We’ve reached out to Orbitz with the information you’ve posted here. Much appreciation for the discovery.

  4. Jamey
    February 12, 2013

    Oh ok…thought that was click jacking…my bad!Gota love how this guys defraud even multi billion companies such as google!

  5. wesleyb
    February 12, 2013

    Google is definitely the target of fraud, but not so much in this example. This is because GAN (Google’s Affiliate Network) is responsible for connecting Orbitz (the merchant) to the typosquatter (an affiliate). In the event that the affiliate is paid a commission from the merchant, well GAN takes a cut too. One can’t help but question incentives in these types of scenarios: more fraud (cookie-stuffing, typosquatting or otherwise) means more money flows to the affiliate network. Is it within their interest to thwart this activity?

    This is not an easy question to answer. Stay tuned..

  6. wesleyb
    February 12, 2013

    Happy to help. This affiliate has his hands in a few other pies as well. Be sure to get in touch for more detail.