Explained: typosquatting [updated]

Explained: typosquatting [updated]

Typosquatting is a term you may have seen when reading about Internet scams. In essence it relies on users making typing errors (typos) when entering a site or domain name. Sometimes it is also referred to as URL hijacking or domain mimicry, but IMHO the word typosquatting describes the matter more adequate.

Roads to success

As you will understand the success of a typosquat scammer depends on the number of victims that are likely to misspell the intended domain and land on the scammers’ pages. To maximize the success rate takes some insight into the workings of human mind-fingers coordination.

Another thing to keep in mind is that there are many different keyboard layouts, so replacing one letter with an adjourning character on the QWERTY keyboard does not work for everyone.

One road to success depends on the occurrence of double letters in a domain name. A regular mistake is to type the consecutive letter double instead of the intended one. For example the rather famous goggle[dot]com.

Another often used trick is to try and register domains with the same name but with a different top-level domain (TLD).

whitehouse
This is actually an adult site

For example, whitehouse[dot]com when the actual site is at whitehouse.gov. But, in most cases you will find that organizations have already registered the domains with their company names and the most popular TLD’s, so that these will redirect to the actual site rather then that they could be abused.

Note that were it concerns companies, similar domains are also registered for other reasons then typosquatting like for example CEO fraud as explained in more detail elsewhere on our blog.

Celebrities are a different case. It seems they often register only one domain if any at all. That leaves all the rest up for grabs. Sometimes these are scooped up by early fans, but scammers and advertisers are happy to exploit them at any opportunity they get.

Who are you going to call?

If you are famous or the owner of a very popular domain you may want to know who to contact when you notice your domain is being typosquatted. There are several organizations you can turn to. It depends on the type of infringement and how you want the case to be handled.

  • WIPO (World Intellectual Property Organization), you can ask the WIPO to rule that the domain(s) be transferred to you, but it is up to you to prove that the domain(s) meet some requirements, and I quote:

 

the domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and the domain name holder has no rights or legitimate interests in respect of the domain name; and the domain name has been registered and is being used in bad faith.

  • Anticybersquatting Consumer Protection Act (ACPA), one of the ACPA’s most widely used and powerful tools is its “imposition of civil liability on someone who registers and/or uses a domain name that is confusingly similar to someone else’s trademark with the intent to profit from the use.” Damages can amount up to a maximum of $100,000 per domain, but they depend on several factors, including how the domain was used and to what extent it included the popular name that it was mimicking.
  • ICANN (Internet Corporation for Assigned Names and Numbers), the non-profit organization responsible for managing the top-level domain name system and Internet Protocol (IP) allocation. If you are just trying to reclaim a domain, this is often done quickly by ICANN, but they can’t award any damages.

Profitable

In the light of what experienced scammers are able to make of a successful typosquatted site, the maximum damages are not an adequate measure, so CADNA (Coalition Against Domain Name Abuse) argues for increasing the penalties for these practices.

A few tips to avoid ending up at the wrong site

In essence most of these tips are very basic as they are aimed at not typing the url.

  • Bookmark your favorites
  • Use search results rather than typing the url in the address bar
  • Leave some or all of the sites that you visit every day open in your browser tabs (most popular browsers offer the option to continue where you left off or to specify a set of sites to start with)
  • Never click links in unexpected mails or on unknown sites
  • Use an Antivirus or Anti-malware solution that offers web protection and preferably even an anti-exploit solution.

As always, save yourself the hassle, use adequate protection.

Links

Measuring the Perpetrators and Funders of Typosquatting

example WIPO ruling

Icannwiki about typosquatting

Updated to add a link to a scientific study that monitored the typosquatting landscape over a period of several months. For those interested in a scientific look into this field we recommend reading Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse

 

Pieter Arntz

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.