Typosquatting: Understanding the Definition and Risks
Cybersquatting includes several different types, one of which is known as typosquatting. Typosquatting has affected a lot of large companies, including Facebook, Google, PayPal, Apple, and Amazon.
Goggle.com, a Google typosquatting website, was notorious for infecting users' computers with malware. The virus began by displaying spam pop-ups with sexual images. It downloaded SpySheriff, a fake antivirus application that harmed victims' computers.
Typosquatting, also known as URL hijacking, takes place when people purchase purposely misspelled or slightly modified domain names that closely match the website of an established company. Typosquatters are those who purchase domain names that resemble well-known domain names but are slightly off or contain typos.
The purpose of this article is to explore the definition, motivations, examples, working mechanisms, risks, detection, prevention, real-life cases, mitigation strategies, and legal implications of typosquatting. We will cover the following topics related to typosquatting:
- What is typosquatting?
- What are the purposes and motivations behind typosquatting?
- What are some examples of typosquatting incidents?
- How does typosquatting work?
- What are the risks and consequences of typosquatting?
- How can typosquatting be detected and prevented?
- How to mitigate typosquatting risks?
- Are there any legal implications or actions that can be taken against typosquatters?
What is Typosquatting?
Typosquatting, also known as URL hijacking, is a sort of cybersquatting that targets Internet users who enter a website address erroneously in their web browser (for example, "Goggle.com" rather than "Google.com"). Users that commit such a typographical error could be sent to an alternate website run by a hacker, which is typically created with malevolent intent.
You might not be aware that you're visiting a different website since hackers frequently make phony websites that mimic the appearance and feel of your intended destination. Although these websites occasionally provide goods and services that directly compete with those offered on the website you meant to visit, they are mostly designed to steal your personal information, such as credit card numbers or passwords.
These websites are especially risky since just by accessing them, your device might be infected with malware. Hence, harmful malware may be installed on your computer, smartphone, or tablet without you even having to click on a link or agree to a download. Many typosquatters use this technique, known as a "drive-by download", to disseminate malicious software with the aim of stealing your personal information.
Typosquatters may use phishing to trick you into visiting their bogus websites. For instance, after the establishment of AnnualCreditReport.com, hundreds of near-identical domain names with deliberate mistakes were bought, and they soon became the home of phony websites created to deceive visitors. Phishing emails sent by con artists impersonating a reliable website with a typosquatted domain name make for good bait in situations like these.
What are the Purposes and Motivations Behind Typosquatting?
Typosquatters may hurt people by, among other things, utilizing false information to steal credit card details, cheating real firms conducting business, or tarnishing the reputations of existing legal business owners. Unfortunately, a lot of dishonest people register typo domains without any ill will and only utilize them for things like cybersquatting. The most common aims of typosquatting are outlined below:
- User Information Theft: The purpose of typosquatting is to steal user data, such as usernames, passwords, SSNs, and credit card numbers. It is more difficult for visitors to notice when they are submitting their information to a phishing site due to typosquatting, which makes the site appear real.
- Bait and Switch: It involves a fraudulent website that offers you products you could have purchased at a legitimate address. Due to the fact that these online purchases were never performed at the right site, it is challenging to dispute them on your credit card account. The buyer won't get what they wanted but will still pay for it because they first thought it was authentic.
- Devalue a Target Site: Cybercriminals are always attempting to deceive their audience. In actuality, they don't care about the standing of the website they're stealing from, but they want to appear as though their site is authentic. They will attempt to make these sites appear real by typosquatting them in order to spread doubt and confusion. This lowers the value of the legitimate site since consumers may mistake it for the imposter site, which may include a lot of garbage and pornographic content.
- Monetizing Traffic: To monetize visitors and create cash for their websites that have been mistakenly identified as the original site, some typosquatters typosquat extremely popular websites. Even search engines occasionally have a tendency to give a typo-squatted site greater weight in their rankings since they believe it to be the original site.
- Get Affiliate Commissions: In order to earn fast cash, trademark thieves frequently typo-squat on domain names. Using affiliate links on these websites, they divert visitors to the brand's official website, where they may profit from each sale made by "typo" customers.
- Domain Squatting: Domain squatting, often known as cybersquatting, is the act of registering a domain name that is the same as a rival company's name or trademark. A cybersquatter will buy the compatible domain name and then sell it to the legitimate brand owner for a higher price. Cybersquatting is the practice of using a domain name to make money off of someone else's name, reputation, or goodwill.
What are Examples of Typosquatting Incidents?
The most widely known typosquatting instances are listed below:
- goggle.com: One of the most well-known instances of typosquatting occurred in 2006, when a misspelling of google.com was exploited in an attack. Instead of google.com, the malicious website's domain was goggle.com. Through either a phishing attempt or an unintentional typo, an unaware user landed on goggle.com, where their browser was bombarded with pop-up windows and advertisements, and their computer was infected with malware. The site now redirects to google.com, suggesting that it was formerly neutralized. Nevertheless, a test done in 2018 discovered that it was once more sending people to malicious websites.
- fallwell.com: A typo of falwell.com, the website of Jerry Falwell, the infamous anti-gay Christian Evangelical preacher, fallwell.com was registered by Christopher Lamparello in 1999. Lamparello wanted to counter Falwell's opinions on gays with scriptural references and phrases for unintentional website users. Upon the filing of a complaint, the court first found Falwell not guilty of the accusations of cybersquatting, unfair competition, and trademark infringement. Because Lamparello's website was not a business website, the decision was reversed on appeal in 2005. In 2006, Falwell made an attempt to counter-appeal, but the court rejected his appeal.
- mikerowesoft.com: In 2004, freelance web designer Mike Rowe felt it would be hilarious to register the domain mikerowesoft.com, which had his complete name and the word "soft" at the end. And we must admit, it is rather humorous. Microsoft tried to purchase the domain from Mike Rowe for the princely amount of $10 but failed to see the comedy in it. Rowe turned down Microsoft's offer and demanded $10,000 in exchange for his domain. Rowe was issued a cease-and-desist order by WIPO after it was discovered that he was engaged in cybersquatting as a result.
How Does Typosquatting Work?
In the first step of a typosquatting attack, fraudsters acquire and register a domain name that is a misspelling of a well-known website (some cybercriminals go so far as to buy multiple URLs). Instead of buying example.com, the internet criminal can choose to buy exmple.com or examplle.com.
When actual people start using a typosquatting domain, it becomes risky. They could have entered the URL incorrectly. Alternatively, they could have been drawn there by a phishing scheme, which often involves an email that includes a link to a typosquatted website.
The bogus site frequently uses the original organization's logo and design to imitate the genuine one. Users who are fooled into inputting important information, such as their login and password or their bank or credit card credentials, may not be aware that they are on a phony website. If the victim uses the same username and password on several websites, the hackers will have access to this information, putting additional online accounts in danger.
Typosquatting frequently results from misunderstanding or unintentional mistakes made by people, like:
- Typos: Possibly the most frequent mistake made while inputting search information, typos frequently result from the hurried pace of our daily lives. Certain typos, such as inputting gogle.com instead of google.com, are particularly dangerous for people who frequently type rapidly and erratically or rely extensively on autocorrect.
- Spelling mistakes: Squatters are fully aware of the fact that occasionally a user has not committed a typo but is just unsure of the proper spelling of a brand name. In order to avoid competition, many companies register misspelled variations of their site's name. These misspelled variants are then directed to the correct homepage.
- Alternate spellings: The alternative spellings of well-known service or product names run the risk of confusing online users. For instance, the term "favorite", which is written "favourite" in British English, differs between American and British English. A user may unintentionally type the incorrect URL into their browser if your website address contains a term that is spelled differently in various regions.
- Domain names with hyphens: Adding (or omitting) a hyphen in a domain name can lead to misunderstanding. To trick consumers, typosquatters may add an additional hyphen to a URL that is typically example-onlineshop.com, resulting in example-onlineshop.com. Users could first believe this to be the official website, but in fact, typosquatters are exploiting it to spread malware or advertise.
- Incorrect domain endings: The variety of domain endings for various nations, such as .com, .co.uk, .cn, etc., as well as for various sorts of organizations, such as .com, .org, .web, and .shop, gives additional opportunity for typosquatting. To avoid distinct permutations ending up in the wrong hands, it is crucial for website owners to register a variety of top-level domains. Due to its resemblance to the most popular TLD, .com, typosquatters particularly like the top-level domain for Colombia, .co.
Figure 1. How Does Typosquatting Work?
What are the Risks and Consequences of Typosquatting?
Typosquats, in contrast to other harmful behaviors, have a wide range of detrimental effects on businesses. Risks and consequences of typosquatting are as follows:
- Successful phishing and social engineering attacks: Because misspelled URLs frequently resemble the actual web address, phishing and social engineering attempts tend to succeed, whether hackers are using a typosquat of your company's website in phishing emails or sending another typosquat website to your employees. This raises the possibility that users, whether your clients or your staff, will click the malicious link. A successful attack may ultimately result in data theft, endpoint malware installation, or user fraud.
- Brand or reputation at risk: Customers who click on a fraudulent typosquat that gathers data could log in using their credentials for the legitimate website. In the end, that typosquat gathers client information that might erode their trust in your business and damage your reputation.
- Reduced revenue: Potential clients might not be able to detect the difference and end up making a purchase from the false website if the person who created the typosquat provides a service or commodity that is similar to yours.
How can Typosquatting be Detected and Prevented?
Nowadays, typosquatting is a big problem for businesses because if they don't take prompt action, their brands will suffer, they will lose money, and their relationships with customers will suffer.
Businesses must keep an eye on their domains to detect any unusual behavior early on in order to combat this issue. Businesses reduce the risks to the income and reputation of their brand by doing this.
Several techniques are used by businesses to identify typosquatting efforts.
They can manually search their domain names on a regular basis using different top-level domains and spelling variants. This strategy, meanwhile, might not be exhaustive enough to find all possible dangers and can be time-consuming.
Depending on whose side of the attack you are on, there are many ways to counter typosquatting. If you're a company whose website has been "typo squatted", as opposed to an internet user trying to avoid harmful websites, your defenses will be different. We'll offer advice for both usage scenarios.
Organizations may follow the next best practices to avoid typosquatting:
- Own the typographic variants of your domain names: That's accurate. Really, you shouldn't wait for hackers to do it first. Make a list of your domain names' most obvious misspellings and register them. It's advised to register country extensions, alternative spellings, and hyphenated variations for your domains, in addition to other top-level domains (.com, .org, etc.). Any of these other domains may be simply redirected to your main website.
- Apply HTTPS: You ought to be doing this in any case. Nonetheless, SSL certificates aid in establishing the legitimacy of your site and helping to authenticate it. Your users will be informed that they are on a trustworthy website by the lock icon in the URL bar. Of course, a bad actor may create a legitimate SSL certificate for their typographically incorrect domain, but at least your users can inspect the certificate if they so desire, and they could then discover they're on the wrong website. There's a significant chance that the attacker won't bother using HTTPS, which is a red flag in and of itself that something could be amiss. You are further shielded by SSL from other online threats like Man-in-the-Middle attacks.
- Use the ICANN website monitoring service: You may utilize the Trademark Clearing House tool offered by the Internet Corporation for Assigned Names and Numbers (ICANN) to see how the name of your company is being used across various domains. It could let you discover whether there is an unintentional "typo squatted" copy of your website out there. The service is offered everywhere.
- Inform your team, business partners, and clients: You should inform your partners, clients, and consumers as soon as you become aware that harmful, misspelled copies of your website are available online. They will be able to watch out for phishing emails and double-check the URLs in their browsers as a result.
- Take down any mail servers or websites that are harmful: Although it's preferable to attempt to prevent becoming "typosquatted" in the first place, it can occasionally still happen. You might need to use the legal system in certain situations to have those websites and servers taken down. However, because it's an expensive procedure, your best option is to take every precaution to stay out of this predicament. But, ICANN's Uniform Domain Name Dispute Resolution Policy is a great place to start if you need to pursue legal action.
What are the Best Practices to Avoid Typosquatting for Individuals?
Individuals may follow the best practices given below to avoid typosquatting. The most crucial thing for internet users attempting to prevent typosquatting is attentiveness, along with a number of suggestions that are just common sense. The first six suggestions specifically address typosquatting (and other online assaults), while the latter four recommendations are for general internet security. In any case, you should incorporate as many of them as possible into your regular web surfing regimen.
- In emails, avoid clicking links (URLs) unless you are certain that you know who supplied the link, where it is going, and that they are not being impersonated. And even then, check the URL carefully. Is the link HTTP or HTTPS? Nowadays, HTTPS is used by most trustworthy websites. As a matter of course, double-check the URL for typos. Avoid utilizing the link if you can reach the location without it.
- Never open an email attachment before confirming with the sender that they actually sent you the email with the attachment.
- Use antivirus software. Only get authentic antivirus software from reputable sources, and run scans on a regular basis.
- Hover your mouse pointer over links and carefully check them for misspellings or other problems.
- Save bookmarks for the websites you visit the most, and always go to those sites using your bookmarks.
- Instead of typing in website addresses or clicking links in emails or instant messages, use a search engine to find them. As an alternative, voice assistants can be used to do the same task.
- Use a firewall. Many popular operating systems come with an inbuilt inbound firewall, and every commercial router available has a NAT firewall as well. Verify that these are turned on. If you click a harmful link, they could keep you safe.
- Never click pop-up windows. Ever. Where they'll take you next is always a mystery.
- Consider taking your information elsewhere if your browser issues a warning about a website you are attempting to access.
- Never respond to emails, texts, or calls asking for personal information. This is a typical indication of phishing fraud. If you respond, they can email you a link to click on in order to "address the problem" they were trying to reach you about. And always keep in mind that reputable businesses would never request personal information from you over email.
How to Mitigate Typosquatting Risks?
Rather than waiting until hackers use the brand as part of an attack, companies may do research beforehand to make things more difficult for them.
- Domain Typo Generators: Companies may utilize a range of choices from a fast internet search for a "typosquatting generator" to discovering the most frequent misspellings and typos for their brand. To stop fraudsters from making these, a company may wish to use these to proactively buy domains with the most common misspellings or typos of its brand.
- GitHub: Programs for domain name permutation engines that can help identify typosquatting, phishing, and URL hijacking can be found on GitHub. Several of these may be integrated with a company's security solutions and can aid in the detection of lookalike domains.
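The error classes listed under "How Does Typosquatting Work?" (typos, hyphens, wrong endings) are what a permutation engine enumerates, and the resulting list can be used both for defensive registration and for checking domains seen in mail or proxy logs. The following Python is an added example, not code from the original article or from any tool it mentions; the TLD watch list, function names and sample domains are assumptions constructed for illustration, and inputs are assumed to be registrable domains.

```python
# Added example (not from the article). Assumes registrable domains as input.
WATCH_TLDS = ("com", "co", "org", "net", "co.uk")  # assumed watch list

def split_domain(domain):
    """Split 'example.co.uk' into ('example', 'co.uk')."""
    domain = domain.lower().rstrip(".")
    for tld in sorted(WATCH_TLDS, key=len, reverse=True):
        if domain.endswith("." + tld):
            return domain[: -len(tld) - 1], tld
    name, _, tld = domain.rpartition(".")
    return name, tld

def permutations(domain):
    """Map each typo variant of `domain` to the error class producing it."""
    name, tld = split_domain(domain)
    out = {}
    for i, ch in enumerate(name):
        out.setdefault(name[:i] + name[i + 1:],
                       "hyphen removed" if ch == "-" else "omission")
        out.setdefault(name[:i] + ch + name[i:], "repetition")
        if i + 1 < len(name):
            swapped = name[:i] + name[i + 1] + ch + name[i + 2:]
            out.setdefault(swapped, "transposition")
        if i > 0 and ch != "-" and name[i - 1] != "-":
            out.setdefault(name[:i] + "-" + name[i:], "hyphen added")
    # Drop empty results and results identical to the real name.
    variants = {f"{n}.{tld}": kind for n, kind in out.items() if n and n != name}
    for other in WATCH_TLDS:
        if other != tld:
            variants[f"{name}.{other}"] = "wrong TLD"
    return variants

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_lookalikes(brand, observed):
    """Return {domain: reason} for observed domains that imitate `brand`."""
    brand = brand.lower().rstrip(".")
    known = permutations(brand)
    brand_name, _ = split_domain(brand)
    hits = {}
    for dom in observed:
        dom = dom.lower().rstrip(".")
        if dom == brand:
            continue  # the legitimate domain itself
        name, _ = split_domain(dom)
        if dom in known:
            hits[dom] = known[dom]
        elif edit_distance(name, brand_name) <= 1:
            # Same name means an unlisted TLD; otherwise e.g. a substituted letter.
            hits[dom] = "wrong TLD" if name == brand_name else "one edit away"
    return hits

# Constructed sample: domains as they might appear in mail or proxy logs.
OBSERVED = ["example.com", "exmple.com", "examplle.com", "exampel.com",
            "example.co", "example.shop", "exanple.com", "unrelated.org"]
if __name__ == "__main__":
    for dom, why in flag_lookalikes("example.com", OBSERVED).items():
        print(f"{dom:16} {why}")
```

The edit-distance fallback catches substitutions such as goggle for google that the enumerated classes do not generate; multi-label suffixes outside the watch list would need a public-suffix lookup to be split correctly.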
Are there any legal implications or actions that can be taken against typosquatters?
The Anticybersquatting Consumer Protection Act (ACPA) was passed in the United States in 1999 to create a legal cause of action for anyone who registers, uses, or traffics in domain names that are confusingly similar to, or dilutions of, a brand or a person's name.
The legislation was created to stop cybersquatters who registered domain names having trademarks in them with the purpose of selling them to the trademark owner or other parties rather than using them for legal websites.
Since the ACPA, domain name owners have been required to demonstrate both their good faith use of the URL and the absence of any misleading similarities to already-existing trademarks, brands, or websites.
The Uniform Domain-Name Dispute-Resolution Policy (UDRP) from ICANN enables trademark owners to take cybersquatters and typosquatters to court using the World Intellectual Property Organization (WIPO).
You can convince WIPO to grant you control over a domain by demonstrating:
- The domain name is the same as yours or confusingly close to it.
- Your work is not licensed to the owner of that Site.
- The website is being used in bad faith by the domain registrar.
The Coalition Against Domain Name Abuse (CADNA) was founded in 2007 with the goal of reducing cybersquatting in all its manifestations and making the Internet a safer and cleaner environment. The CADNA wants to strengthen penalties for all typosquatting practices because they feel that the maximum damages don't adequately reflect the harm caused by the activity.