Most parked domains now promote scams and malware
NEWNow you can listen to News articles!
Typing a web address directly into your browser seems harmless. In fact, it feels normal. But new research shows that a simple habit is now one of the riskiest things you can do online. A recent study by cybersecurity company Infoblox reveals a worrying change.
Most parked domains now redirect visitors to scams, malware, or fake security warnings. In many cases, this happens instantly. You don’t have to click on anything. That means a single typo can expose your device.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
What are parked domains?
Parked domains are unused or expired web addresses. Many exist because someone forgot to renew a domain. Others are deliberate misspellings from popular sites like Google, Netflix or YouTube. For years, these domains displayed harmless placeholder pages. They displayed ads and links to monetize accidental traffic. While they were annoying, they rarely posed a serious danger. That is no longer true. Infoblox found that more than 90 percent of visits to parked domains now lead to malicious content. This includes scareware, fake antivirus offers, phishing pages, and malware downloads.
A single misspelled web address can redirect you from a trusted site to a dangerous parked domain in seconds, writes Kurt Knutsson. (PeopleImages/Getty Images)
Why direct navigation has become so risky
Direct navigation means handwriting a website address instead of using a bookmark or search result. One missing letter can change everything. For example, misspelling gmail.com as gmai.com does not generate an error. Instead, you can deliver your email directly to criminals. Infoblox discovered that some of these font domains are actively running mail servers to capture messages. Worse yet, many of these domains are part of massive portfolios. One group tracked by Infoblox controlled nearly 3,000 similar domains associated with banks, technology companies and government services.
Malicious parked domains often trigger false security warnings or hidden redirects without needing to click. (CyberGuy.com)
How these domains decide who to attack
Not everyone sees the same thing when visiting a parked domain. That’s intentional. Researchers found that parked pages often profile visitors in real time. They analyze the IP address, device type, location, cookies and browsing behavior. Based on that data, the domain decides what you see next. Visitors using a VPN or non-residential connection often see harmless placeholder pages. Residential users using phones or home computers are redirected to scams or malware. This filtering helps attackers stay hidden while maximizing successful attacks.
Why parked domain scams are increasing
Several trends are fueling the problem. First, traffic from parked domains is often resold multiple times through affiliate networks. When you reach a malicious advertiser, there is no longer a direct relationship with the original parking company. Second, recent changes in advertising policies may have increased exposure. Google now requires advertisers to sign up before serving ads on parked domains. While intended to improve security, this change may have pushed bad actors deeper into affiliate networks with weaker oversight. The result is a murky ecosystem where responsibility is difficult to trace.
Even Government Domains Are Under Attack
Infoblox also found typos targeting government services. In one case, a researcher accidentally visited ic3.org instead of ic3.gov while trying to report a crime. The result was a fake warning page claiming that a cloud subscription had expired. That page could have just as easily delivered malware. This highlights how easy it is to fall into these traps, even when doing something important.
A screenshot shows how misspelling the FBI IC3 web address redirects users to an unrelated parked domain. (Infoblox)
Ways to stay safe from parked domain traps
You can reduce your risk with some smart habits:
1) Use bookmarks for important sites
Save banks, email providers and government portals. Avoid entering these addresses manually.
2) Double check the URLs before hitting Enter
Slow down when entering web addresses. An extra second can avoid a costly mistake.
3) Install powerful antivirus software
Powerful antivirus software protects your device if a malicious page loads, blocking malware downloads, scripts, and fake security pop-ups.
The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
4) Consider a data removal service
Data brokers often encourage targeting by selling personal data. Deleting your data may reduce your exposure to fraudulent personalized redirects.
While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.
5) Be careful with scare tactics
False warnings about expired subscriptions or infected devices are a major red flag. Legitimate companies do not use panic screens.
6) Keep your browser and device updated
Security updates often close the exact loopholes that attackers use to exploit malicious redirects.
7) Consider a VPN for added protection
While not a panacea, VPNs can reduce exposure to specific redirects tied to residential IP addresses.
For the best VPN software, check out my expert review of the best VPNs for private web browsing on your Windows, Mac, Android and iOS devices in Cyberguy.com.
CLICK HERE TO DOWNLOAD THE News APP
Kurt’s Key Takeaways
The web has changed in subtle but dangerous ways. Parked domains are no longer passive placeholders. In many cases, they act as active delivery systems for scams and malware. The most alarming part is how little effort it takes to trigger an attack. One typo is enough. As threats become quieter and more automated, safe browsing habits are more important than ever.
Have you ever misspelled a web address and ended up somewhere suspicious, or are you now completely reliant on bookmarks? Let us know by writing to us at Cyberguy.com.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.