A man who made a one-letter typo in a web address for Costco found out what it means to become a victim of typo piracy.
Last year, while looking to visit the Costco website, Allen Stern unknowingly mis-spelled Costco in his browser.
"C-o-s-t-o-c-o. There's an extra "o" in there," he said.
Yet, Allen said the website that loaded looked legitimate.
"It even had the Costco logo and brand, so of course I thought it was Costco and I thought I had gone to Costco.com," he explained.
The page asked Allen to do an eight-question survey. As a "thank you," Allen was offered a free bottle of face cream if he paid shipping.
Allen called the Responds team after four $97 and $98 charges appeared on his credit card for a cosmetic "membership." He returned the cream and complained to Costco in writing.
"How could you do this? How could you support this? And, Costco wrote back and said, 'This wasn't us,'" Allen said.
We shared Allen's experience with technology analyst Carolina Milanesi, and we learned a new term: "typo piracy." That's what the tech world calls the misuse of misspelled web addresses to possibly rip you off.
"These people have no limits to how they try to get you," said Milanesi.
She said some sites collect a finder's fee for redirecting poor spellers to other sites. Some masquerade as a real site and dupe you into buying something. The worst case is a typo that leads to a scam site or malware.
"You could end up having your identity stolen," she explained.
Milanesi said "typo piracy" is too complicated to fully unravel. But, the Responds team tried with "Cost-o-co."
First, we searched public registries and found that address registered in Russia to a person named Vladimir Snezko. That name is linked to other web addresses with typos: Marriiott.com, with an extra "i," Vrizon.com, missing an "e," and Southwesr.com, one letter off from Southwest.com.
When we loaded "Southwesr" it used southwest airlines' name and had a survey, just like the Cost-o-co site.
That's not the only similarity: Several people posted glowing comments on the southwesr page. Well, those same people also endorsed the cost-o-co page in the exact same order.
The real Southwest and the real Costco told us they have no connection to these sites. They never asked for the surveys or authorized the use of their name or logo.
So, we had questions for "Vladimir Snezko." The Responds team sent messages to Moscow, but never heard back.
When we cross-referenced the e-mail addresses Snezko used to register his sites we found more than 500 other websites, each off by just a letter or two from brand names like Google, Toyota, Disney, Fidelity, Sprint and eBay, each waiting to capitalize on your careless tap on a keyboard.
After we started asking questions, Southwesr shut down the survey.
So did Cost-o-co. But it was too late for Allen. As it turns out, he works in digital advertising and internet security is part of his job. He's speaking up because he says if he fell for "typo piracy," anyone can.