Typos may be amusing or humiliating. Cybercriminals, on the other hand, use typosquatting domains to defraud and scam you (and your customers).
If you’re asking yourself, “What is typosquatting?” you’ve arrived at the right place. A typo is a typing error that often has funny implications. Squatting, on the other hand, refers to the unlawful occupation of a room.
Typosquatting is a form of cybersquatting that is commonly used in the cybersecurity industry. Many large corporations, including Facebook, Google, PayPal, Apple, and Amazon, have become victims of typosquatting. In this post, we’ll look at:
- What typosquatting is,
- Typosquatting examples,
- Why people engage in typosquatting, and
- Typosquatting protection tips.
What Is Typosquatting? A Definition
Typosquatting, also known as URL hijacking, happens when people purchase domain names that are deliberately misspelt or subtly different from a legitimate brand’s website. Some people (known as typosquatters) purchase domain names that are similar to well-known domain names but are slightly off or contain typos.
“The method of obtaining misspellings of a domain name in the hopes of catching and manipulating traffic intended for another website,” according to Cornell.
Basically, attackers make educated assumptions about the kinds of spelling mistakes people are likely to make when typing a URL. They then purchase those misspelt domains in order to obtain free traffic or to accomplish a more sinister purpose.
Typosquatting Examples: What Constitutes a Typosquatting Domain Name?
Let’s see what types of misspelt domains typosquatters prefer to purchase.
1. Adding or Omitting Alphanumeric Characters
When we’re in a rush or typing carelessly, we all make basic mistakes. Typosquatters are aware of this and purchase “typo” domains in order to profit from such errors.
They may, for example, purchase the domains:
- Amzon.com (instead of amazon.com),
- Chasse.com (instead of chase.com),
- Facebok.com (instead of facebook.com), and
- Linkdin.com (instead of linkedin.com).
A Real-World Typosquatting Example
Goggle.com, a typosquatting site aimed at Google’s visitors, was notorious for installing malware on visitors’ computers. The malware displayed spam pop-ups with pornographic imagery. It also installed a rogue antivirus program called SpySheriff, which caused harm to victims’ computers.
Goole.com, another Google-related typosquatting domain, tends to be an affiliate marketing platform.
2. Exploiting Confusing Spellings
Some words, particularly long ones with a lot of vowels, are difficult to spell, and it’s not uncommon for people to get confused and misspell them. Domains built on such words are popular with typosquatters. They buy the misspelt versions and wait for people to make spelling errors, which results in visits to their websites.
Consider the following scenario:
- Mathemetics.com or mathamatics.com (instead of mathematics.com),
- Dictionery.com (instead of dictionary.com), and
- Formate.com (instead of format.com).
The case of Simon Porte Jacquemus is an example of typosquatting. In 2013, Jacquemus, a French fashion designer, registered the name “Jacquemus” as a trademark for his clothing and accessory business. In 2020, someone registered the domain name Jacqumus.com (note the missing “e”). The legal team for Jacquemus accused the typosquatting site’s domain owner of creating the site to infect users’ computers with malware using the brand name Jacquemus.
Simon Porte Jacquemus eventually won the case and was awarded possession of jacqumus.com.
3. Misusing the Top-Level Domain (TLD) System
The last element of a domain name, such as .com, .org, .net, .edu, and so on, is known as the top-level domain. When people type TLDs, they often make mistakes, which attackers take advantage of. Typosquatters, for example, purchase common sites’ domains with the following TLDs to replace “.com”:
- .cm (TLD for Cameroon)
- .co (TLD assigned to Colombia)
- .om (TLD for Oman)
Examples of typosquatting: NeimanMarcus.com is part of the Neiman Marcus Group, an American luxury department store chain. Dotster, the domain registrant firm, was sued by the company for registering NeimanMarcus.cm (and 27 other related domains).
Some typosquatting sites include Aol.cm, itunes.cm, chase.cm, Costco.cm, Walmart.cm, and others that redirect users to other sites, are branded as phishing sites, or are marked for sale.
Cybersquatting and Typosquatting: What’s the Difference?
Typosquatting is one variant of cybersquatting, which is a wider category. The definition of typosquatting covers only misspelt domains. However, typosquatting isn’t the only way for cybercriminals to defraud visitors. Cybersquatting involves a variety of domain fraud tactics in addition to typosquatting, such as:
- Purchasing domains with various TLDs. If a famous website is hosted on .com, cybersquatters can purchase the same domain with different TLDs such as .org, .net, .tech, .shop, and so on.
- Adding a name, letter, or number to the original domain to purchase matching domains. For example:
  - Wells-fargo.com, and
- Changing the order of words in domains. For example:
  - Insiderbusiness.com (instead of businessinsider.com),
  - Cowcaboy.com (instead of cowboycab.com), and
  - Geeksiteon.com (instead of geeksonsite.com)
- Swapping similar-looking letters and numbers in the original domain. Examples of this include swapping:
  - o with 0,
  - i with l,
  - L with 1,
  - rn with m,
  - S with 5, etc.
Facebo0k.com (instead of facebook.com) and walrnart.com (instead of Walmart.com) are examples of typosquatting domains that use these similar-looking characters.
In a nutshell, cybersquatting refers to any form of deception involving the use of incorrect domain names. Typosquatting, on the other hand, is a subset of cybersquatting in which domains are deliberately misspelt.
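The techniques listed in the sections above can be checked mechanically when reviewing domains seen in proxy or DNS logs. The following is an added example, not part of the original article: a small classifier that compares an observed domain with a brand watchlist. The function names and the watchlist are assumptions made for illustration.

```python
# Constructed watchlist of genuine domains to protect (assumption for this example).
WATCHLIST = ["amazon.com", "facebook.com", "walmart.com",
             "neimanmarcus.com", "wellsfargo.com", "businessinsider.com"]

# Look-alike swaps named in the article, folded onto a single form.
LOOKALIKES = [("rn", "m"), ("0", "o"), ("1", "l"), ("i", "l"), ("5", "s")]

def skeleton(label):
    """Fold look-alike characters so facebo0k and facebook compare equal."""
    for fake, real in LOOKALIKES:
        label = label.replace(fake, real)
    return label

def one_edit(a, b):
    """True if a and b differ by one added, omitted or changed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                       # a is now the shorter (or equal) one
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                            # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]     # one character substituted
    return a[i:] == b[i + 1:]             # one extra character in b

def classify(observed, brands=WATCHLIST):
    """Return (brand, technique) for the first match, else None.
    Expects a registrable domain such as 'amzon.com', without subdomains."""
    name, _, tld = observed.lower().rpartition(".")
    for brand in brands:
        b_name, _, b_tld = brand.lower().rpartition(".")
        if (name, tld) == (b_name, b_tld):
            return None                   # the genuine domain itself
        if name == b_name:
            return brand, "tld-swap"
        if name.replace("-", "") == b_name:
            return brand, "added-hyphen"
        if skeleton(name) == skeleton(b_name):
            return brand, "lookalike-characters"
        if len(name) == len(b_name) and name in b_name * 2:
            return brand, "word-order"    # name is a rotation of the brand
        if one_edit(name, b_name):
            return brand, "character-typo"
    return None
```

Short brand names produce more false positives under the one-edit rule, so matches are leads for review rather than verdicts.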
Typosquatting vs. Homographic Attacks
A homographic attack is another domain fraud technique, and it differs slightly from a typosquatting attack. Typosquatting preys on accidental typos by registering domains with basic spelling errors. In a homographic attack, however, the attacker uses Unicode characters in place of American Standard Code for Information Interchange (ASCII) characters to create domains that are visually indistinguishable from actual domains.
For example, Xudong Zheng claimed on his blog that he was able to purchase “apple.com” by manipulating Unicode characters. His version of the domain is “https://www.xn--80ak6aa92e.com/,” but it displays as “apple.com” in some versions of the Firefox and Chrome web browsers.
Chrome and Internet Explorer have just released a protection feature that detects homographic domains. However, if you open his fake apple.com link in Firefox or Chrome 58 (or earlier), the fake apple.com still appears.
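A domain like the one above can be inspected without a browser by decoding its “xn--” labels and looking at which scripts the characters come from. This is an added example, not code from the article or from Zheng’s blog; the function names are assumptions, and the script name is derived from the first word of each Unicode character name.

```python
import unicodedata

def decode_label(label):
    """Decode one DNS label; internationalised labels carry the 'xn--' prefix."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Scripts of the letters in text, e.g. {'LATIN'} or {'CYRILLIC'}."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}

def inspect(domain):
    """List every label that contains non-ASCII characters once decoded."""
    findings = []
    for label in domain.rstrip(".").split("."):
        shown = decode_label(label)
        if not shown.isascii():
            findings.append({
                "wire": label,              # what DNS and certificates carry
                "shown": shown,             # what an address bar may render
                "scripts": scripts(shown),
                # A single non-Latin script passes a mixed-script check,
                # so it is reported separately for manual review.
                "single_script": len(scripts(shown)) == 1,
            })
    return findings

if __name__ == "__main__":
    # Domain quoted in the article, compared with the genuine one.
    for d in ("www.xn--80ak6aa92e.com", "www.apple.com"):
        print(d, inspect(d))
```

For the article’s domain the only flagged label decodes to five Cyrillic letters, which is why a check that looks only for mixed scripts within a label does not catch it.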
The Goals of Typosquatting
Why would anyone want to profit from someone else’s URL typing errors? What are they going to get in return? Let’s take a look.
1. Trapping Victims into Phishing Scams
Phishing is a technique in which criminals impersonate a legitimate individual, organisation, or agency in order to deceive people. The aim is frequently to convince people to divulge personal or financial information or to instal malicious software.
Attackers purchase similar domain names and create phishing websites that appear to be identical to the original. To mimic famous websites, hackers use the same logos, colours, fonts, styles, and infographics. When people make typos and end up on these replica pages, they may not be able to tell the difference between the real and the fake. As a result, they can become victims of various cyber scams.
But why is it so bad to visit a fake website? For quite a few reasons. On the duplicate pages, for example, victims often enter the following information:
- Username and password,
- Data that can be used to identify you (like names, email addresses, physical addresses, dates of birth, phone numbers, etc.),
- Credit card numbers, bank account information, health-related information, and social security numbers are all examples of confidential data.
Attackers use these bogus websites to steal this information, which they then use to commit identity theft or other forms of cybercrime. To make a fast buck, they also sell personal and financial data on the dark web to other hackers or advertisers.
2. Using Phony Sites to Distribute Malware
Attackers purchase domain names that are close to well-known domains and use them to host malware such as viruses, worms, ransomware, rootkits, trojan horses, and other threats. When users make a typing error, they end up on malware-infested websites. The malware is downloaded either automatically or after the user clicks on elements such as links, buttons, ads, images, or other forms of media files.
Some malware, such as ransomware, locks or encrypts the data on victims’ devices right away. The hacker demands ransom money in return for unfreezing the screen and giving users access to their computers. Hackers have been known to encrypt sensitive documents and files in order to demand ransom money in return for their decryption. (Though, in many situations, just because the victim pays doesn’t mean the perpetrator keeps their end of the bargain.)
In certain cases, criminals use ransomware to eavesdrop and steal personal information from users in order to blackmail them.
3. Earning Money from Advertisements
There are direct advertisers and third-party platforms, such as Google AdSense, that pay website owners per click or per thousand views. Millions of people visit famous websites every day. The more visits a site receives, the more likely it is that some of those visitors will type in the incorrect domain name.
Typosquatting is a means of gaining free web traffic and profiting from advertising by leveraging users’ typing errors. Typosquatters buy these misspelt domains and then get paid to place ads on them.
4. Making Money Via Affiliate Marketing
Some people purchase misspelt domain names and join the original brand’s affiliate programme. They market products/services and use affiliate links to guide traffic to the partner’s website. The original site saves the cookie for each referral or sale and pays the fee to these typo-sites as part of their affiliate scheme.
5. Making Money by Selling Typosquatting Domain Names at Inflated Prices
Famous companies and brands often go to great lengths to protect their brand names and consumers. They spend a lot of money on domain names that are nearly identical to their own but misspelt. It’s a well-known business trend that some cybercriminals enjoy exploiting.
When typosquatters find a common company or website, they purchase similar domains and domains with different top-level domains (TLDs). This helps them to resell them to the original brand owners at a higher price.
Typo sites are used by some attackers to carry out ransom attacks. They post offensive or inappropriate material on misspelt pages in order to shame the original brands and force them to pay a high price for the domain name in order to save their credibility.
6. Ruining the Legitimate Site or Brand’s Reputation
Some typosquatters try to destroy companies’ reputations by producing false or malicious websites. Their motive is revenge or the reputational damage itself. They purchase typosquatting domains in order to publish radical political, religious, or social views that are incompatible with the ideals of the original website. Typosquatting sites of this kind are similar to gripe sites.
While it is an uncommon occurrence, some companies purchase their rivals’ typo-domains. They then use the domain to create an inappropriate website or write content that is detrimental to the reputation of the competitor brand. It’s also possible that they’ll use it to send traffic to their own website.
7. Capitalizing on a Brand’s Name to Start Similar Business
Typosquatters benefit from your customers’ or site visitors’ typing errors to generate free traffic. These are people who are looking for the original website and are interested in its market, content, or activities. As a result, the traffic comes from a specific demographic. Typosquatters take advantage of your target audience to start a company similar to yours.
Protecting Yourself From Typosquatting
We’ve compiled a list of suggestions to help you avoid typosquatting. We also have some information to assist you in determining your legal options if someone purchases a typosquatting domain that is similar to yours.
- Purchase the typosquatting and cybersquatting domains that look like yours. Domains are inexpensive, and purchasing typosquatting domains will save you money in the long run by avoiding costly legal battles, brand harm, and having to purchase the domains from the typosquatters at high rates in the future.
- Make contact with the typosquatter to see whether you can reach an understanding. The domain registrant may be unaware that their domain name is similar to that of another brand, particularly if the brand is well-known in one area but not in another. Often, a typosquatter will ask for a small fee in return for the domain, which will not be a major burden on the businesses. So, before considering legal options, try to speak with the domain registrant.
- If nothing else works, consider legal options. If you think somebody is typosquatting, you can file a lawsuit against them. In such situations, many countries have different rules. Typosquatting is protected by the Anti-Cybersquatting Consumer Protection Act at the United Nations (ACPA). You should ask the World Intellectual Property Organization (WIPO) to organise arbitration for international disputes. In such instances, they would use the Uniform Domain-Name Dispute-Resolution Policy (UDRP).
- Register the brand/business name as a trademark. Both the ACPA and the UDRP define cybersquatting as infringement on a registered trademark. If you choose the legal road, the name must be a registered trademark.
Final Thoughts on Typosquatting
We hope that this article has addressed your question about “what is typosquatting?” Typographical and spelling errors are normal occurrences; we all make them. However, these apparently trivial mistakes may have catastrophic consequences.
As an internet user, being diligent when typing a domain name is the best way to shield yourself and your company from the consequences of typosquatting. You should also be careful if you notice any odd changes in the layout of a website, as well as redirects, automatic updates, or anything else that seems suspicious. It’s likely you’ve stumbled on a typosquatting website. So, go to your browser’s address bar and double-check the domain name.