Typosquatting

What Is Typosquatting?

Typosquatting is the process of registering domains that are similar to website domains used by famous brands but contain typos in the URL. The purpose is to target people who mistype a URL, usually for malicious purposes. The process is also known as URL hijacking, and the typosquat sites themselves are known as sting sites.

Someone doing this for malicious reasons might set up their own site to look like the one they are imitating, so that they can capture people’s login credentials and use them for account takeovers.

There are alternative applications too, from wanting more traffic to a legitimate website, to enabling affiliate fraud and using it as a stepping stone for social engineering attacks.

As an example, consider the fact that Google processes more than 99,000 searches every second. That’s a huge volume of people typing www.google.com, www.google.co.uk, www.google.pt and so on into their browsers.

As such, a fraudster who registers www.googgle.com or similar can expect a steady stream of traffic to their site. It is simply a numbers game, due to the sheer volume of users. Many will end up at the sting site after mistyping the URL.

How Does Typosquatting Work?

Typosquatting relies on users wrongly entering a domain name into their browser. The reason for the error doesn’t matter. The result is still that the user ends up on the typosquat site. The fraudster who has set up the typosquat website can then carry out a range of malicious actions.

Some common ways that users end up on typosquatting sites include:

  • Typos: The user mistypes the URL.
  • Incorrect spellings: The user cannot spell the brand name or misunderstands what the brand is called.
  • Incorrect domain extensions: The user types .co instead of .com.
  • Email scams: Some scam emails purport to be from a genuine brand but actually contain a typosquatting link rather than a link to the brand’s real website.

Types of Typosquatting

Fraudsters set up typosquatting sites for a range of reasons, including theft and phishing. Bear in mind that typosquat sites can exist to carry out multiple activities at the same time – for example, to steal sensitive information and distribute malware.

  • Distributing malware: The typosquat site tricks the user into downloading malware, including threatware. Some sites don’t even require the user to click anything: Simply visiting the site is enough to trigger an attack known as a drive-by download, which installs malware on the user’s device.
  • Phishing: A site can be set up to look just like a genuine brand’s site. This can fool users into entering login details, email addresses and other sensitive information.
  • Theft: The site advertises a brand and claims to sell products from that brand, but it actually just takes cardholders’ money without sending them anything in return. This not only harms the would-be customers but may also harm the reputation of the genuine brand, as the victims may believe it is the genuine brand that has ripped them off.
  • Extortion: A typosquatter may use the website to pressure the company that owns the legitimate domain into paying to get rid of the nuisance, for example by asking to be paid to hand the domain over.
  • Other monetization: Some typosquatters aim to monetize their sites, whether through advertising, affiliate links, etc. Monetization might happen through the use of cookie stuffing, too.
  • Reputational damage: A typosquat site could spread misinformation about a brand, spread rumors about its products, post poor reviews of its goods and services, and so on. This provides an incentive for the genuine brand to purchase the domain from the cybercriminal to alleviate the harm the typosquat site is doing.

Cybersquatting vs Typosquatting

Typosquatting is a form of cybersquatting, in that it seeks to take advantage of a company’s domain name. However, the two practices have some distinct differences.

While typosquatting and cybersquatting are slightly different approaches, their goal is often the same: to obtain sensitive information or money (or both), to distribute malware, to damage a brand, and so on.

Typosquatting: The hacker registers domain names that are similar to – but misspelled versions of – those used by well-known brands.

For example:
  • www.amazonn.com
  • www.googgle.com
  • www.bankofamenrica.com

One of the most infamous examples was when hackers registered www.goggle.com back in 2006 and used the site for phishing and distributing malware.

Cybersquatting: The hacker registers domain names that are slight variations of those used by well-known brands.

One of the most prominent examples is when OnlineNIC registered at least 663 domain names that were similar to the real ones used by Verizon Communications (which uses www.verizon.com).

Examples included:
  • www.verizon-cellular.com
  • www.buyverizon.net

Verizon took OnlineNIC to court and was awarded $31.15 million in damages as a result of the cybersquatting.

What Is the Difference Between Phishing and Typosquatting?

Phishing and typosquatting are entirely different activities, but sometimes a typosquat website can be used to capture visitors’ credentials – so, it can be used for phishing.

While typosquatting relates to registering misspelled domain names, phishing is defined as an attempt to obtain sensitive information fraudulently. This can involve efforts to obtain such information through emails, text messages, phone calls and websites.

Where typosquatting and phishing cross over is when fraudsters use typosquat sites to do phishing. There are various ways to do so.

They could create an imitation site of a well-known bank, for example, in the hope of tricking users into entering their credentials. Fraudsters may also use fake surveys and prize draws to phish users’ information via typosquatting sites.

Is Typosquatting a Crime?

Typosquatting, along with cybersquatting, is a cybercrime. Penalties vary from country to country. In the US, for example, typosquatting falls under the remit of the Anticybersquatting Consumer Protection Act. Under the act, victims have a right to statutory damages of between $1,000 and $100,000 per domain name. Businesses can also seek injunctions against typosquatters.


How to Protect Against Typosquatting

Individuals and businesses can protect against typosquatting by always checking the domain name they have typed to ensure they have spelled it right and used the correct domain extension.

Businesses also have a role to play in guarding against typosquatting. One thing they can do is register potential typosquatting URLs and redirect them to their genuine site. This prevents users who mistype the company name from ending up in the hands of cybercriminals. Yes, it costs money to register and maintain the domains, but no robust cybersecurity strategy comes without a price tag.

It is also useful for businesses to monitor domain typosquats to protect their reputation, finances and customers as part of their defenses.
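One way to approach that monitoring, as an added example that is not part of the original page or any vendor's tooling: the script below classifies observed domains against a list of protected brand domains, separating wrong-extension hits, misspellings (typosquat candidates) and brand-name variations (cybersquat candidates). The protected list, the constructed sample of observed domains, the naive domain split and the edit-distance threshold of 1 are all assumptions.

```python
# Added example (not from the original page): flag lookalike domains for review.
PROTECTED = ["google.com", "amazon.com", "bankofamerica.com", "verizon.com"]
# Constructed sample of "observed" domains, reusing the page's own examples.
OBSERVED = ["www.google.com", "www.googgle.com", "www.goggle.com", "google.co",
            "www.amazonn.com", "www.bankofamenrica.com",
            "www.verizon-cellular.com", "www.buyverizon.net", "example.org"]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(domain):
    """Naive (label, suffix) split; assumption: production code would use a
    Public Suffix List parser instead of cutting at the first dot."""
    host = domain.lower().strip(".")
    host = host[4:] if host.startswith("www.") else host
    label, _, suffix = host.partition(".")
    return label, suffix

def classify(observed, protected=PROTECTED, max_dist=1):
    """Return (verdict, matched protected domain or None)."""
    label, suffix = split_domain(observed)
    tests = (("legitimate", lambda bl, bs: (bl, bs) == (label, suffix)),
             ("wrong-extension", lambda bl, bs: bl == label),
             ("typosquat-candidate", lambda bl, bs: osa_distance(label, bl) <= max_dist),
             ("cybersquat-candidate", lambda bl, bs: bl in label))
    for verdict, matches in tests:  # most specific verdict first
        for p in protected:
            if matches(*split_domain(p)):
                return verdict, p
    return "unrelated", None

def scan(domains=OBSERVED):
    """Return {domain: (verdict, brand)} for every domain that needs review."""
    hits = {d: classify(d) for d in domains}
    return {d: v for d, v in hits.items() if v[0] not in ("legitimate", "unrelated")}

if __name__ == "__main__":
    for domain, (verdict, brand) in scan().items():
        print(f"{domain:28} {verdict:22} looks like {brand}")
```

Any legitimate regional domain the brand really uses belongs in the protected list, otherwise it is reported as a wrong extension. Short brand names produce more false positives at any distance threshold, so treat the output as a review queue rather than a blocklist.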

There are also some steps one can take if they discover a typosquat of their website and want to take it offline, though they are not guaranteed to always work:

  • Speak to your domain name registrar or the offender’s, as some have policies and protections in place against this.
  • Consult CADNA (Coalition Against Domain Name Abuse).
  • File a case with a competent authority – e.g. the US courts or the WIPO (World Intellectual Property Organization).
  • Implement an SSL certificate to demonstrate to your users that your site is legitimate – unlike the site that mimics it.
  • Certain security companies provide specialized typosquatting prevention tools – consider investing in them.
  • If all else fails and depending on the damage caused to your company, you may want to approach the owner of the domain and try to buy it off them.
