Have you ever accidentally mistyped a URL and ended up on a website you didn’t expect? If you have, then you might have happened upon an instance of typosquatting (also known as URL hijacking), a practice used by scammers to take advantage of traffic that would otherwise go to a different, legitimate website. But what is typosquatting, how does it work and why do scammers do it?
- A typosquatting domain is a fake website that relies on misspelled domain names to redirect users away from the real site and to an alternative website.
- A typosquatting website targets internet users in order to download malicious software onto their device, lure them into phishing schemes or harvest their personal information for identity theft purposes.
- Other uses for typosquatting domains include blackmailing owners of legitimate domains, redirecting website visitors to a competitor of the genuine site or, in less malicious cases, collecting ad revenue or making some sort of statement.
Fake websites with misspelled domains are a dime a dozen, but not all are inherently dangerous to simply visit. The worst are malicious websites looking to install malware on your device or collect personal information through phishing scams.
Others are not necessarily dangerous to the end user, aiming instead to generate advertising revenue or sell the wrong domain address back to the brand owner. Stick with us as we go into more details about typosquatting.
Typosquatting is the practice of intentionally registering a domain name that’s a common misspelling or typo of an existing domain in order to lure unintentional traffic to the website for a variety of purposes.
Typosquatting is illegal in the U.S. under the 1999 Trademark Cyberpiracy Prevention Act. Internationally, copyright and trademark holders can appeal to the WIPO with a takedown request for any website that they can prove meets the criteria for typosquatting or cybersquatting.
The danger that comes from visiting a typosquatted website depends on its purpose. In its most benign form, you’re simply being rerouted to a different website, such as a competitor’s. More malicious intents include installing malware, stealing personal information, or tricking you into thinking you’re on the real website.
What Is Typosquatting? Definition and How It Works
Typosquatting refers to the practice of registering a domain with a URL that’s very similar to a legitimate (and usually popular) website in order to trick users into visiting the fraudulent site rather than the real one.
There are a few different ways this is done, but all of them revolve around the similarity of the fake URL to the real one. Some common methods of typosquatting include:
- A misspelling or typo (usually one that’s easy to make) of a legitimate URL
- A foreign translation of a legitimate URL
- A different top-level domain (for example, replacing “.com” with “.net”)
- A pluralized version of a legitimate URL (for example, “theguardian.com” vs “theguardians.com”)
- Appending an additional word to a URL that looks legitimate (for example, “googlesearch.com” or something similar)
- Removing or adding a period in order to mask some part of the URL or make it appear as another site (for example, “twitt.er”)
All of these methods have the same end result of getting the user to visit a website that they otherwise wouldn’t. Where the online scam goes from there depends on the motivation of the person or people who set up the fraudulent website.
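As an added example (not part of the original article), the Python below checks a hostname against a short, constructed list of trusted domains and reports which of the lookalike patterns listed above it matches. The function names, the trusted list and the one-typo threshold are assumptions; translated names are not covered, and subdomain handling assumes single-label TLDs.

```python
# Added example (not from the original article): flag hostnames that match
# one of the lookalike patterns listed above. TRUSTED is a constructed sample.
TRUSTED = ["google.com", "theguardian.com", "twitter.com"]

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def split_host(host):
    """Return (registrable label, TLD); assumes a single-label TLD, no suffix list."""
    name, _, tld = host.lower().rstrip(".").rpartition(".")
    return name.split(".")[-1], tld

def classify(host, trusted=TRUSTED, max_typos=1):
    """Return (category, trusted domain it resembles), or ("no match", None)."""
    label, tld = split_host(host)
    if f"{label}.{tld}" in trusted:
        return ("legitimate", f"{label}.{tld}")
    for good in trusted:
        g_label, _ = split_host(good)
        if label == g_label:                          # same name, other TLD
            return ("different TLD", good)
        if label in (g_label + "s", g_label + "es"):  # theguardians.com
            return ("pluralized", good)
        if label + tld == g_label:                    # twitt.er
            return ("moved period", good)
        if label.startswith(g_label) or label.endswith(g_label):
            return ("appended word", good)            # googlesearch.com
        if edit_distance(label, g_label) <= max_typos:
            return ("misspelling", good)              # goggle.com
    return ("no match", None)

if __name__ == "__main__":
    for h in ["goggle.com", "google.net", "theguardians.com",
              "googlesearch.com", "twitt.er", "www.google.com", "example.org"]:
        print(f"{h:20} {classify(h)}")
```

A brand owner could run the same check over newly observed domains, and a mail or proxy filter could run it over link targets before they are shown to users.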
6 Ways Scammers Use Typosquatting
There are a few different reasons for scammers to set up typosquatted domains, and what the actual website will look like will largely depend on this motivation.
1. Making a Statement
The first — and by far the most benign — motivation for cybersquatting is to simply make a statement. This is commonly done by setting up a URL that’s very similar to a company or person’s name, and then posting a disparaging statement or opinion about that person or company on the site.
Examples of this practice frequently include comedians creating websites to mock a person or entity as well as political messaging. Whether or not this actually constitutes typosquatting is a bit of a gray area, as it’s not intended to scam visitors to the site and in most cases it’s immediately obvious to the user what is happening.
2. Redirect Traffic to Competitor
Another relatively benign motivation for typosquatting is to simply redirect the user to a competitor’s website. This is usually done by the competitor itself, and while it’s shady and annoying, it’s definitely not as scary as some of the other things on this list.
3. Collecting Ad Revenue
A relatively basic form of typosquatting is to simply load the fraudulent website with ads, which allows the scammer to collect ad revenue from the accidental traffic.
4. Selling the Domain Name to the Legitimate Site’s Owner
Sometimes the typosquatter has no interest in the user’s traffic at all, beyond using it as a bargaining chip. If a fake site manages to hijack enough traffic, the scammer could offer to sell the domain back to the legitimate owner, betting that they’d rather pay than have to go through a lengthy takedown process.
This type of blackmail is the same motivation as for regular cybersquatting.
5. Phishing Schemes & Data Harvesting
Probably the most difficult kind of typosquatting attack to recognize is one that redirects you to a phishing website that looks identical to the real one.
Depending on the website, the user might enter all sorts of personal information like credit card details, login credentials or social security numbers. The scam website owners can then use this information, with the victim often completely unaware of what happened.
6. Installing Malware
Finally, among the most malicious reasons to set up a typosquatted domain is to install software such as malware or monitoring software on your device. The ultimate purpose of this depends on the malware, and can range from drafting your device into a botnet to monitoring your logins for things like online banking.
Generally speaking, popular websites are at the greatest risk of someone registering similar domains for malicious purposes. The more visitors a webpage gets, the greater the chance that some of those people will fall into the trap by using the incorrect spelling when typing the website address into the address bar.
Pretty much any popular website you can think of — whether it’s Wikipedia, Google, Facebook or any other — has been subject to typo domains similar to its product or domain names. For example, there’s “goggle.com,” which has existed since 2006 and currently redirects to a blog with fraudulent information about the 2020 U.S. election.
Cybersquatting vs Typosquatting: How Are They Different?
While typosquatting refers specifically to registering a domain that’s similar but incorrect in some minor way, cybersquatting is the registering of a domain without any errors.
For example, a cybersquatter can register the domain name for a business or an individual who hasn’t done so themselves yet, then proceed to demand payment for the domain.
If you’re a victim of cybersquatting, you can technically have the site taken down and domain transferred to you, provided you can prove ownership over the term, that the website is intentionally confusing and that the current owner set it up in bad faith.
However, such a process is lengthy, and cybersquatters will gamble that some would rather pay and get it over with than cut through the red tape.
Tips for Webpage Visitors: Protecting Against Typosquatting
From an end user’s perspective (that is, the person visiting the website), protecting yourself against typosquatting is simple and boils down to common sense advice for using the internet in general.
- Don’t click unknown or suspicious links.
- Inspect links to make sure they point to the correct web address by hovering over them before clicking.
- Don’t open unknown email attachments.
- Don’t click on shortened web addresses (for example, tinyurl) if you don’t trust the source.
- Bookmark the sites you use frequently and use the bookmarks to visit them.
- Use a search engine to find websites rather than typing the URL manually.
- Use a safe search tool to weed out malicious results.
- Check the URL of a website carefully after it loads to see if you were redirected somewhere else.
- Install antivirus software that comes with web monitoring.
Typosquatting Tips for Website Owners
It is significantly more difficult to protect yourself against typosquatting or cybersquatting if you’re the domain or trademark holder. The first and best step you can take is to register as many domains as you can, including ones with the website name misspelled in common ways. These domains can then simply redirect to your main website.
This obviously won’t save you if you’ve already fallen victim to typosquatting or cybersquatting. At that point, your best recourse is to file a case with the WIPO (World Intellectual Property Organization), which can issue a takedown request provided that you can prove that the domain qualifies as a case of typosquatting or cybersquatting.
Sometimes, there might be a typosquatted domain name of your brand or company out there that you’re not even aware of.
If that’s something you’re worried about, you can sign up for ICANN’s (the Internet Corporation for Assigned Names and Numbers) “trademark clearinghouse.” This generates reports of how a trademark is being used online for a maximum fee of $150 per trademark record per year on the basic pricing structure.
Final Thoughts: Typosquatting
With that, we’ve covered everything you need to know about how typosquatting domain names work, why someone would register them, and how you can go about protecting yourself from fake sites.
Generally speaking, common sense is all that’s needed to protect user data from fraudulent domains, but the risk and potential damage for businesses is far greater and harder to combat.
Have you ever encountered a typosquatted website? If so, did it try to lure you into a phishing scam or were you simply shown a bunch of random ads? Let us know in the comments below, and as always, thank you for reading.