
Typosquatting is a form of cybersquatting, which exploits the fact that people often make slips when typing domain names. It targets people who reach sites by typing an address into their browser’s search bar, rather than using a search engine, and people who are sent phishing mail.
If someone gets the address they are typing wrong, or someone makes the mistake of clicking a link in a phishing mail, they will often find themselves looking at a website that’s almost identical to the site they were expecting to see. Typosquatters will even go as far as to copy the logo and house style of the spoofed website, to make visitors think they’re looking at the real thing. The deceptive tactics are aimed at tricking people into giving personal information.
Another thing scammers often do is tempt the people they lure to their site to pay for products or services, which are never actually provided. As well as hitting the innocent people who are tricked out of money and information, typosquatting affects the organisations whose sites are spoofed, because victims will often complain to them.
A less harmful version of typosquatting involves the user landing on a page full of adverts. In cases like that, the typosquatter is exploiting the popularity of a legitimate site and earning revenue from advertisers who pay on the basis of how often their ads are seen – even if the viewers have been tricked into seeing them.
What's the difference between cybersquatting and typosquatting?
Cybersquatting
is a general term for registering domain names deliberately chosen because of their similarity to the domain names used by prominent people and brands.
Typosquatting
is a form of cybersquatting that involves the registration of domain names based on common misspellings with the aim of misleading people.
Examples of typosquatting
Google and goggle.com
Google holds more than 14 distinct .com domain names that all redirect to google.com, including gogle.com and googlr.com. They were registered after Google was confronted by a typosquatting problem in 2000. A phishing website was put up at goggle.com, whose URL was very similar to Google’s.
Trade journals and phishing sites
The registration of domain names resembling the names of prominent trade journals and other media outlets is a growing trend in phishing. It involves cybercriminals registering domain names matching the names of well-known trade journals and other outlets that often report on a particular company, e.g. a financial journal that often writes about banks. The scammers then post spoof articles containing links to fake web pages resembling pages on a genuine bank’s website. The thinking behind the tactic is to avoid the need for a domain name resembling the bank’s name, which might well catch the attention of anti-abuse scanners. Without a name like that, the scammers have a better chance of being able to get on with their activities unnoticed. Unfortunately, many businesses focus on monitoring their own domain names, and forget about the domain names of trade journals and other media outlets, leaving them vulnerable to this kind of phishing.
One variant of the model that’s currently on the rise involves the publication of fake news bulletins on websites, alongside real articles. For example, sites have been found that are exact copies of news sites. An article will then suddenly appear on the site’s front page, falsely claiming that the CEO of a listed company has committed fraud, or that the company itself is having legal problems. Links to the fake article are then shared using various channels. If enough people are taken in, the targeted company’s share price will tumble. And, of course, the person behind the fake news site has gambled on that outcome on the stock market.
Types of typosquatting
Imitators
An imitation website uses the logo, house style, colour scheme and layout of the original website (e.g. a well-known insurance company). The idea is to trick people into entering their login details, which are then harvested for abusive purposes.
Bait-and-switch
A bait-and-switch site imitates a legitimate website and offers the same products. Visitors are lured into paying for things, thinking that they’re ordering from the real site, but their purchases never arrive.
Surveys and competitions
Internet users who make a slip when typing a domain name, or who click on a phishing link, are directed to a website that pretends to be a customer feedback site. However, it’s actually a site designed to harvest data for use in identity theft scams.
Mock websites
Mock websites ridicule or make fun of the website that the internet user was trying to reach. They are often set up by people wanting revenge. For example, the animal rights organisation PETA was targeted by a typosquatter who registered the domain name peta.org. The squatter used the name for a website called People Eating Tasty Animals, with links to other sites selling meat and leather products.
How can you spot typosquatting?
Typosquatted domains usually have various telltale characteristics:
Typos and spelling errors: as in goggle.com and gooogle.com.
Other extensions: such as .nl, .com or .net, e.g. nike.org instead of nike.com.
Alternative spellings: typically involves using a British spelling instead of a US spelling, or vice-versa, e.g. program instead of programme.
Not registered to the right organisation: with .nl domain names, you can check who the registrant is at
How can you prevent typosquatting?
Register variants of your domain name
If you don’t want cybersquatters to register domain names that look like yours, it’s important to register some obvious variants yourself. Variants to consider include alternative spellings of your name, versions with hyphens added or removed, and the same name with other extensions.
Keep track of your own domain names
Many large organisations have extensive domain name portfolios. Sometimes, that leads to some names being forgotten about, or to the organisation losing track of names registered by someone who has left. It’s not unusual for such domain names to remain known to internal mail servers and applications. With the result that a criminal who gets control of one can use it to gain access to company systems, for example. Good domain name portfolio management and usage monitoring are therefore vital for all organisations.
Use extended-validation TLS certificates
An extended-validation (EV) SSL certificate is a vital addition to your website. As well as showing that your site is legitimate, it serves to protect your user data. With an EV certificate, the user can be confident that they are looking at your actual, secure website, because typosquatted sites rarely have certificates of this type. Many do have certificates, but the anonymous type that don’t cost anything and can be obtained without proving your identity. However, many legitimate small businesses prefer to use free certificates, which only assure the user that they are on a site linked to the right domain. Only 1 in 10 small businesses have EV certificates. Read more about the various types of certificate.
SIDN BrandGuard
SIDN BrandGuard is a monitoring service featuring a personalised dashboard. You get an immediate notification whenever a domain name based on a typo of your brand name, or otherwise similar to it, is registered. That enables you to take prompt action to prevent typosquatting, domain name fraud, invoice fraud and CEO fraud.
SIDN BrandGuard also enables you to keep tabs on all your organisation’s registered domain names and see which of your partners are using your brand. So that you retain a proper overview of the digital landscape.