Typosquatting is a form of cybersquatting in which someone registers domain names similar to those owned by another brand or copyright holder, targeting Internet users who mistype a website address in their web browser rather than using a search engine. Typosquatting is also known as URL hijacking, domain mimicry, a sting site, or a fake URL.
The typosquatted domain owner may redirect traffic to a different URL, show ads, or simply park the domain with the hope that the brand buys the domain from them.
Typosquatting is made possible by typos, misspellings or misunderstandings in a popular domain name. If a user makes a mistake while typing a domain name and fails to notice it, they may accidentally end up on an alternative website set up by the typosquatters.
One of the earliest examples of typosquatting was in 2006, when Google was the victim of typosquatting by the site Goggle.com, widely considered to be a phishing/fraud site. Typosquatters also had their sights on URLs like foogle.com, hoogle.com, boogle.com, yoogle.com, toogle.com, and roogle.com, because their first letters sit physically close to g on the keyboard. This can be a major cybersecurity risk if your business gets a large volume of traffic.
There are at least eight kinds of typosquatting:
- Typos: Mistyped web addresses of well-known brands in the address bar, such as goigle.com
- Misspelling: Many web addresses can be misspelled. An example would be gooogle.com
- Wrong domain extensions: As more top-level domain (TLD) names are added, the likelihood of typosquatting sites grows. An example here would be google.co
- Alternative spellings: Users may be misled by alternative spelling of services, brand names or products like getphotos.com vs getfotos.com
- Hyphenated domains/combosquatting: This involves omitting or adding a hyphen in order to illegally direct traffic to a typo-domain e.g. facebook.com vs. face-book.com
- Supplementing popular brand domains: If well known brands are supplemented with appropriate words, they may produce a legitimate-sounding typosquatted domain name, e.g. apple-shop.com vs apple.com
- Pretending to be www: wwwfacebook.com vs www.facebook.com
- Abuse of Country Code Top-Level Domain (ccTLD): twitter.cm vs twitter.com, which leads a person who leaves out a letter away from the real site
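The categories above can be turned into a triage rule for brand monitoring. The following is an added example, not code from the original article: it labels an observed domain against a protected brand domain. It assumes registrable domains with a single-label TLD and a QWERTY keyboard, and the function names and the single "ph"/"f" respelling rule are illustrative.

```python
# Added illustration (not from the original article): label a look-alike of a
# protected brand domain with one of the categories listed above.
# Assumption: both inputs are registrable domains with a single-label TLD.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # assumed keyboard layout
KEY_POS = {c: (r, i) for r, row in enumerate(QWERTY_ROWS) for i, c in enumerate(row)}

def adjacent_keys(a, b):
    """True when a and b are different keys at most one row and one column apart."""
    if a == b or a not in KEY_POS or b not in KEY_POS:
        return False
    (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1

def single_edit(name, brand):
    """Name the one-character edit that turns brand into name, or return None."""
    if len(name) == len(brand):
        diff = [i for i in range(len(brand)) if name[i] != brand[i]]
        if len(diff) == 1:
            near = adjacent_keys(name[diff[0]], brand[diff[0]])
            return "adjacent-key" if near else "substitution"
        if len(diff) == 2 and diff[1] == diff[0] + 1 and name[diff[0]:diff[1] + 1] == brand[diff[0]:diff[1] + 1][::-1]:
            return "transposition"
    elif abs(len(name) - len(brand)) == 1:
        longer, shorter = sorted((name, brand), key=len, reverse=True)
        if any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer))):
            return "insertion" if longer == name else "omission"
    return None

def classify(candidate, brand):
    """Map candidate to one of the article's typosquatting kinds for brand."""
    c_name, _, c_tld = candidate.lower().rpartition(".")
    b_name, _, b_tld = brand.lower().rpartition(".")
    if (c_name, c_tld) == (b_name, b_tld):
        return "legitimate"
    if c_name == b_name:
        return "wrong extension or ccTLD"
    if c_name == "www" + b_name:
        return "pretending to be www"
    if c_name.replace("-", "") == b_name.replace("-", ""):
        return "hyphenated"
    if c_name.replace("ph", "f") == b_name.replace("ph", "f"):  # one illustrative respelling
        return "alternative spelling"
    if b_name in c_name.split("-"):
        return "supplemented brand"
    edit = single_edit(c_name, b_name)
    if edit == "adjacent-key":
        return "typo"
    return "misspelling" if edit else "unrelated"
```

Run over a feed of newly observed domains, a label other than "unrelated" or "legitimate" marks a name worth reviewing for defensive registration or takedown.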
Typosquatting has become such a problem that large companies like Apple, Google, Facebook and Microsoft have begun registering domains containing typical typos and misspellings themselves or have had domain registration blocked by an Internet Corporation for Assigned Names and Numbers (ICANN) service.
There is no inherent danger to typosquatting. However, many owners of typosquatted domains act in bad faith, using the fake website to install malware or ransomware such as WannaCry, monetise popups, steal credit card numbers, phish personal data or login credentials, or run some other scam.
Popular uses of typosquatted domains include:
- Bait and switch: The site sells you something you could have bought at the correct URL and then never sends you the item
- Domain parking: Owner wants to sell the domain for a price that increases as your business grows
- Imitators: The website passes itself off as the real location to perform a phishing attack
- Joke site: The site makes fun of the trademark or brand name
- Related search results listing: Owner uses traffic that was meant for the real site to drive traffic to competitors, charging them on a cost-per-click basis
- Surveys and giveaways: The site pretends to be interested in feedback from the real site's customers to try to get access to sensitive information
- Monetize traffic: Owner puts up advertisements or popups to generate advertising revenue from direct navigation misspellings
- Affiliate links: Site redirects traffic back to the brand through an affiliate link, earning a commission for each real purchase through the brand's affiliate program
- Install malware: To infect or generate revenue from adware
- Phishing: Attempt to gain personal data, login credentials or emails
Cybersquatting is another form of domain squatting. In this case, a person buys a domain name of a popular site or brand with the aim of selling it back to the owner of the real site or brand.
Cybersquatters attempt to sell domains for as much money as possible to the actual owner of the brand name, company or individual's name. Due to the cyber risk of typosquatted domains and potential revenue loss, many companies are willing to pay a lot of money for "fake" URLs to prevent misuse and to drive additional traffic to their website. Due to the cheap price of domain registration for most TLDs, cybersquatting can be incredibly profitable.
One of the most profitable cybersquatting methods in the past was to buy the domain names of popular brands that weren't focused on the Internet until it hit mass adoption in the 21st century.
This allowed cybersquatters to register domains first and later sell them on to the business for large multiples.
The other popular trend was to register the name of a famous person like an actor or politician.
As the Internet has become more popular, businesses and celebrities have become wiser to the practice and the availability of popular domains has decreased. These days, cybersquatting generally involves the introduction of a new top-level domain (TLD) like .xyz or .coffee. As each new TLD becomes available, there are potentially hundreds of thousands of cybersquatting opportunities.
In the United States, the Anticybersquatting Consumer Protection Act (ACPA) was enacted in 1999 to establish a cause of action for registering, trafficking in, or using domain names that were confusingly similar to, or dilutive of, a trademark or personal name.
The law was designed to thwart cybersquatters who registered domain names containing trademarks with no intention of creating a legitimate website but instead planned to sell the domains to the trademark owner or a third party.
Since ACPA, domain name owners have to be able to prove they intend to use the URL in good faith and that it is not confusingly similar to an existing trademark, brand, or website.
Outside the United States, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) from ICANN allows trademark holders to file a case at the World Intellectual Property Organization (WIPO) against typosquatters and cybersquatters.
You can petition WIPO to give you ownership of a domain by proving:
- The domain is identical or confusingly similar to yours
- The URL holder has no rights to your work
- The domain registrar is using the site in bad faith
In 2007, the Coalition Against Domain Name Abuse (CADNA) was established to make the Internet a safer and less confusing place by decreasing instances of cybersquatting in all forms. CADNA believes the maximum damages don't accurately measure the damage done by typosquatting, and it wants to increase penalties for all typosquatting practices.
Organizations can limit the impact of typosquatting by registering important and obvious typo-domains and redirecting these domains to their website. In addition, they can register other country extensions and other relevant top-level domains, alternate spellings, and variants with and without hyphens.
It's a good idea to register your brand name with the Trademark Clearinghouse (TMCH) and use the Trademark Registry Exchange Service of ICANN (TRex) to ensure that unauthorised domain registrations by typosquatters and cybersquatters are blocked during and after the sunrise period.
SSL certificates are a great way to signal that your site is the real site. They tell the end-user who they are connected with and protect user data during transfer. A missing SSL certificate for a site is often a tell-tale sign that you have been taken to an alternative website.
Typosquatted domains may also be used to impersonate your organization over email, so it's important to publish a Sender Policy Framework (SPF) record in your DNS and to use secure email gateways, detection software that identifies impostor emails, and software that can automatically detect mismatches between From headers and envelope sender addresses.
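A sketch of the mismatch check described above, as an added example rather than code from the original article or any product. It assumes the receiving mail server records the envelope sender in `Return-Path` and its own SPF verdict in `Authentication-Results`; the sample messages and the domains in them are constructed, and subdomain matching stands in for full organizational-domain alignment.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(addr):
    """Lower-cased domain part of an address, or '' when there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):
    """Same domain, or one is a subdomain of the other (simplified alignment)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_sender(raw_message, org_domain):
    """Return a list of findings for one message claiming to come from org_domain."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, env_addr = parseaddr(msg.get("Return-Path", ""))
    from_dom, env_dom = domain_of(from_addr), domain_of(env_addr)
    findings = []
    if not related(from_dom, env_dom):
        findings.append("from-envelope-mismatch")
    # Display name uses the brand but the From domain is not ours.
    brand = org_domain.split(".")[0]
    if brand in display.lower().replace(" ", "") and not (
        from_dom == org_domain or from_dom.endswith("." + org_domain)
    ):
        findings.append("brand-display-name-on-foreign-domain")
    # Only trust an Authentication-Results header added by your own gateway.
    if "spf=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("spf-not-pass")
    return findings

# Constructed sample messages (example.com is the protected organization).
LEGIT = (
    'From: "Example Support" <support@example.com>\n'
    "Return-Path: <bounce@mail.example.com>\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail.example.com\n"
    "Subject: Your ticket\n\nHello\n"
)
SPOOF = (
    'From: "Example Support" <support@examp1e-login.example>\n'
    "Return-Path: <bounce@bulk-sender.example>\n"
    "Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=bulk-sender.example\n"
    "Subject: Verify your account\n\nHello\n"
)
```

A message sent entirely from a look-alike domain is aligned with itself and can pass SPF for that domain, which is why the From domain is also compared against the organization's own domain.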
If you believe someone is impersonating (or preparing to impersonate) your organization, there are several actions you may take:
- Notify your stakeholders: Let your customers, staff, or other relevant parties know to look out for suspicious emails or a phishing website
- Get suspicious websites or mail servers taken down: The process for getting a website taken down depends on the geography your company operates in, but a good place to start is with the UDRP as mentioned above
UpGuard BreachSight's typosquatting module can reduce the cyber risks related to typosquatting, along with preventing breaches, avoiding regulatory fines and protecting your customers' trust through cyber security ratings and continuous exposure detection.
We can also help you continuously monitor, rate and send security questionnaires to your vendors to control third-party risk and improve your security posture, as well as automatically create an inventory, enforce policies, and detect unexpected changes to your IT infrastructure.