Typos can be funny or embarrassing. But cybercriminals also use typosquatting domains to scam and defraud you (and your customers).
If you are wondering, “what is typosquatting?” you are in the right place. A typo is a typing mistake that often has humorous results. Squatting, on the other hand, means occupying something illegally.
Typosquatting is a popular term in the cybersecurity industry and is one type of cybersquatting. Many big organizations — Facebook, Google, PayPal, Apple, and Amazon alike — have been typosquatting victims. In this article, we will explore:
- What typosquatting is,
- Typosquatting examples,
- Why people engage in typosquatting, and
- Typosquatting protection tips.
What Is Typosquatting? A Definition
Typosquatting, also known as URL hijacking, occurs when people buy intentionally misspelled or slightly different domain names that closely resemble a legitimate brand’s website. Here, some people (known as typosquatters) buy domain names that look similar to popular domain names but are just slightly off or have some typing mistakes.
Cornell defines typosquatting as “the process of acquiring misspellings of a domain name in the hopes of catching and exploiting traffic intended for another website.”
Basically, attackers guess what type of spelling errors people are likely to make while typing a URL. They then buy those misspelled domains to get free traffic or to achieve a more nefarious goal.
Typosquatting Examples: What Constitutes a Typosquatting Domain Name?
Let’s find out what kind of misspelled domains typosquatters tend to buy.
1. Adding or Omitting Alphanumeric Characters
We all make such common errors while we are in a hurry or typing carelessly. Typosquatters know that and buy “typo” domains to capitalize on such mistakes.
For example, they may buy domains like:
- Amzon.com (instead of amazon.com),
- Chasse.com (instead of chase.com),
- Facebok.com (instead of facebook.com), and
- Linkdin.com (instead of linkedin.com).
A Real-World Typosquatting Example
Goggle.com, a typosquatting site imitating Google, was infamous for downloading malware onto website visitors’ devices. The malware showed spam pop-ups containing pornographic imagery. It also downloaded a rogue antivirus program named SpySheriff that damaged victims’ devices.
Another example of a Google-related typosquatting domain, goole.com, looks like an affiliate marketing site.
2. Exploiting Confusing Spellings
Some words are difficult to spell, especially long ones that contain a lot of vowels. And it’s common for people to get confused and misspell such words. Typosquatters love to buy these domains. They scoop up misspelled domains and wait for people to make spelling mistakes that result in people landing on their sites.
- Mathemetics.com or mathamatics.com (instead of mathematics.com),
- Dictionery.com (instead of dictionary.com), and
- Formate.com (instead of format.com).
Typosquatting example: Simon Porte Jacquemus is a French fashion designer who registered the trademark for the name “Jacquemus” for his clothing and accessories company in 2013. In 2020, someone registered the domain name Jacqumus.com (notice the missing “e”). Jacquemus’s legal team accused the typosquatting site’s domain owner of creating the site to take advantage of the Jacquemus brand name and infect users’ devices with malware.
In the end, Simon Porte Jacquemus won the case and received ownership of jacqumus.com.
3. Misusing the Top-Level Domain (TLD) System
A top-level domain is the last part of a domain name — like .com, .org, .net, .edu, etc. Sometimes people make typos when typing TLDs as well, and attackers exploit those gaffes. For example, typosquatters buy popular sites’ domain names under the following TLDs, which are easily typed by mistake in place of “.com”:
- .cm (TLD for Cameroon)
- .co (TLD assigned to Colombia)
- .om (TLD for Oman)
Typosquatting example: NeimanMarcus.com belongs to Neiman Marcus Group, an American chain of luxury department stores. The company sued the domain registrant company Dotster for registering NeimanMarcus.cm (and 27 other related domains).
Aol.cm, itunes.cm, chase.cm, Costco.cm, Walmart.cm, etc., are some of the typosquatting sites that redirect users to other sites, are labeled as phishing sites, or are listed for sale.
Cybersquatting and Typosquatting: What’s the Difference?
Cybersquatting is a broad category, and typosquatting is just one variant of it. The typosquatting definition includes only misspelled domains. But it’s not the only domain squatting technique cybercriminals use to defraud visitors. Along with typosquatting, cybersquatting includes other types of domain fraud techniques, such as:
- Buying domains with different TLDs. For example, if a popular website is running on .com, cybersquatters buy the same domain with different TLDs like .org, .net, .tech, .shop, etc.
- Purchasing matching domains by adding a word, letter, or number to the original domain.
  - Wells-fargo.com, and
- Changing the order of words in domains. For example:
  - Insiderbusiness.com (instead of businessinsider.com),
  - Cowcaboy.com (instead of cowboycab.com), and
  - Geeksiteon.com (instead of geeksonsite.com)
- Swapping similar-looking letters and numbers in the original domain. Examples of this include swapping:
  - o with 0,
  - i with l,
  - L with 1,
  - rn with m,
  - S with 5, etc.
Examples of typosquatting domains that use these similar-looking letters would include facebo0k.com (instead of facebook.com) and walrnart.com (instead of Walmart.com).
In short, cybersquatting includes all types of duping tactics using incorrect domain names. Typosquatting, on the other hand, is just a subset of the cybersquatting concept that involves intentionally misspelled domains.
Typosquatting vs. Homographic Attacks
There is another type of domain fraud tactic called a homographic attack, which is slightly different from a typosquatting attack. Typosquatting preys upon innocent typing mistakes by claiming domains that include basic spelling mistakes and typos. But in a homographic attack, the attacker intentionally creates domains that are visually indistinguishable from the real domains by using Unicode characters in place of some American Standard Code for Information Interchange (ASCII) characters.
For example, a person named Xudong Zheng wrote a blog post claiming that he was able to buy apple.com by manipulating Unicode characters. His version of the domain is “https://www.xn--80ak6aa92e.com/” but it appears as “apple.com” when you load the URL in specific versions of the Firefox and Chrome web browsers.
Chrome and Internet Explorer have recently developed a security mechanism to detect homographic domains. But if you click on his fake apple.com link and open it with Firefox or Chrome 58 (or earlier), you can still see the fake apple.com.
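The checks described in the two sections above can be automated over hostnames seen in proxy or DNS logs. The following is an added example, not code from the original article: it covers added/omitted/misspelled characters, TLD swaps, the look-alike swaps listed above and Punycode homographs, and its watchlist, sample hostnames and function names are assumptions.

```python
# Added example: classify observed hostnames against a watchlist of protected domains.
# Assumes plain name.tld hostnames; WATCHLIST and OBSERVED are constructed sample data.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "i": "l", "5": "s",        # ASCII swaps listed in the article
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u04cf": "l",   # Cyrillic er, es, palochka
})

def skeleton(label):
    """Fold look-alike characters onto the letters they imitate."""
    return label.translate(CONFUSABLES).replace("rn", "m")

def within_one_edit(a, b):
    """True if a and b differ by one added, omitted or replaced character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the extra character in the longer string, or one in each if equal length.
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def classify(observed, watchlist):
    """Return (protected_domain, technique) for a suspected squat, else None."""
    host = observed.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in watchlist:
        return None
    name = host.rpartition(".")[0]
    idn = name.startswith("xn--")
    if idn:  # decode the Punycode label to the Unicode text a browser may display
        name = name[4:].encode("ascii").decode("punycode")
    for brand in watchlist:
        brand_name = brand.rpartition(".")[0]
        if name == brand_name:
            return brand, "tld-swap"
        if skeleton(name) == skeleton(brand_name):
            return brand, "idn-homograph" if idn else "lookalike-characters"
        if within_one_edit(name, brand_name):
            return brand, "added-omitted-or-misspelled-character"
    return None

WATCHLIST = ["amazon.com", "facebook.com", "walmart.com", "apple.com", "chase.com"]
OBSERVED = ["amzon.com", "facebo0k.com", "walrnart.com", "chase.cm",
            "www.xn--80ak6aa92e.com", "amazon.com", "example.org"]

if __name__ == "__main__":
    for host in OBSERVED:
        print(f"{host:26} {classify(host, WATCHLIST)}")
```

Word-order changes and added words or hyphens are not covered by this sketch and would need their own checks.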
The Goals of Typosquatting
Why would someone want to take advantage of someone’s URL typing mistakes? What will they get in return? Let’s find out.
1. Trapping Victims into Phishing Scams
Phishing is a technique in which the perpetrators impersonate a legit person/company/entity to dupe people. The goal is often to get people to provide personal or financial information or to download malicious software.
Attackers buy similar domain names and make phishing websites that look exactly like the original one. Hackers use the same logos, colors, fonts, styles, and infographics to imitate popular sites. When people make typos and land on these replica sites, they may not differentiate the fake sites from the legitimate ones. As a result, they may fall victim to different types of cyber scams.
But what makes visiting a fake website so bad? A lot of things. For example, victims often input some of the following information on the duplicate sites:
- Login credentials,
- Personally identifiable information (like names, email addresses, physical addresses, dates of birth, phone numbers, etc.),
- Payment card numbers,
- Bank account details,
- Health-related information, and
- Social security numbers.
Attackers use these fake websites to steal their data so they can use it to carry out identity fraud or other cybercrimes. Sometimes, they sell the personal and financial data on the dark web to other hackers or advertisers to make a quick buck.
2. Using Phony Sites to Distribute Malware
Attackers buy domain names similar to reputable domains and hide malware like viruses, worms, ransomware, rootkits, trojan horses, etc., in the sites. Whenever users make a typing mistake, they reach the malware-laden sites. The malware gets downloaded onto victims’ devices either automatically or after the user clicks on a trigger such as a link, button, advertisement, video, or another type of media file.
Some types of malware, known as ransomware, immediately lock victims’ device screens or encrypt their data. The hacker asks for extortion money to unfreeze the screen and let users access their devices. Hackers sometimes encrypt important documents and files so that they can demand ransom money in exchange for decrypting them. (Although, in many cases, even if the victim pays, it doesn’t mean that the attacker holds up their end of the deal.)
In some cases, attackers use ransom malware to eavesdrop and steal users’ sensitive information to blackmail the victims.
3. Earning Money from Advertisements
There are direct advertisers or third-party platforms like Google AdSense that pay website owners per click or per thousand impressions. Popular sites have millions of daily visitors. The more visitors a site has, the higher the chance that some of them will type in the wrong domain.
Typosquatting becomes a way for people to gain free web traffic and earn money from advertisements by capitalizing on users’ typing errors. They buy these sloppy domains and then get paid to host advertisements on them.
4. Making Money Via Affiliate Marketing
Some people buy misspelled domain names and become affiliates of the original brand. They advertise products/services and send the traffic to the partner site via affiliate links. For each referral or sale, the original site saves the cookie and pays the commission to these typo-sites as a part of their affiliate program.
5. Making Money by Selling Typosquatting Domain Names at Inflated Prices
Popular brands and businesses often try their best to protect their brand names and customers. They spend huge sums of money on buying similar-looking and misspelled domain names. It’s a well-known industry practice, and some cybercriminals like to take advantage of it.
When typosquatters observe that a business/website is getting popular, they buy similar domains and domains with different top-level domains (TLDs). This way, they can turn around and sell them to the original brand owners at higher costs.
Some attackers use typo sites as a tool to execute ransom attacks. They post offensive or inappropriate content on such misspelled sites to embarrass the original brands and coerce them to buy the domain name at a high price just to save the company’s reputation.
6. Ruining the Legitimate Site or Brand’s Reputation
The goal for some typosquatters is to ruin the reputation of businesses by creating fake or malicious websites. It’s all about carrying out revenge or another agenda. They buy typosquatting domains to publish their extremist political, religious, or social views, which contradict the original website’s values. These types of typosquatting sites are known as gripe sites.
Although a rare practice, some businesses buy the typo-domains of their competitors. They then use the domain to create an inappropriate website or write stuff that is harmful to the competitor brand’s image. They may also use it to redirect traffic to their own website.
7. Capitalizing on a Brand’s Name to Start Similar Business
Typosquatters get free traffic by taking advantage of your customers’ or site visitors’ typing mistakes. These are the people searching for the original website and are interested in the website’s business, content, or activities. Hence, it is a niche audience. Typosquatters leverage your target audience’s interest to start a business that’s similar to yours.
Typosquatting Protection Tips
We’ve put together some tips that you can follow to prevent typosquatting. We’ve also got some info to help you figure out your legal options if someone buys a typosquatting domain that resembles your website.
- Buy similar-looking typosquatting and cybersquatting domains. Domains don’t cost much, but buying typosquatting domains can save you from costly legal battles, brand damage, and having to buy the domains from the typosquatters in the future at premium prices.
- Communicate with the typosquatter and see if you can come to an agreement. Sometimes the domain registrant might not be aware that their domain name resembles some other brand, especially if a brand is famous in one region but not in another one. Sometimes, a typosquatter asks for a small price to hand over the domain, which won’t cause much burden to the business. So, try to talk to the domain registrant before moving on to legal options.
- Take legal options if nothing else works. You can file a case against someone you believe is typosquatting. Many countries have different laws regarding such cases. In the United Nations, typosquatting is covered under the Anti-Cybersquatting Consumer Protection Act (ACPA). For international disputes, you can ask the World Intellectual Property Organization (WIPO) to arrange the arbitration. They will consider the Uniform Domain-Name Dispute-Resolution Policy (UDRP) for such cases.
- Register a trademark for your brand/business name. The cybersquatting definition for both ACPA and UDRP covers registered trademarks only. So, your brand must be a registered trademark if you decide to take the legal path.
Final Thoughts on Typosquatting
We hope this article has helped you answer the question “what is typosquatting?” Typos and spelling mistakes are common — we all make them. But these seemingly silly and insignificant errors can lead to dire consequences.
As an internet surfer, being vigilant while typing a domain name is the best way to protect yourself and your business against the effects of typosquatting. You should also be cautious if you see any unusual changes in a website’s appearance, redirects, automatic downloads, or anything that seems fishy. It means that you might have arrived on a typosquatting website. So, go to the web address bar and recheck the domain name meticulously.