What is Typosquatting?

Table of contents

  1. How does typosquatting work?
  2. What are the dangers of typosquatting?
  3. What is cybersquatting?
  4. How has cybersquatting changed?
  5. Do any laws apply to typosquatting and cybersquatting?
  6. How can you avoid typosquatting?
  7. How UpGuard can help protect against typosquatting

1. How does typosquatting work?

  1. Typos: Mistyped web addresses of well-known brands in the address bar, such as goigle.com
  2. Misspelling: Many web addresses can be misspelled. An example would be gooogle.com
  3. Wrong domain extensions: As more top-level domains (TLDs) are added, the likelihood of typosquatting sites grows. An example here would be google.co
  4. Alternative spellings: Users may be misled by alternative spelling of services, brand names or products like getphotos.com vs getfotos.com
  5. Hyphenated domains/combosquatting: This involves omitting or adding a hyphen in order to illegally direct traffic to a typo-domain e.g. facebook.com vs. face-book.com
  6. Supplementing popular brand domains: If well known brands are supplemented with appropriate words, they may produce a legitimate-sounding typosquatted domain name, e.g. apple-shop.com vs apple.com
  7. Pretending to be www: wwwfacebook.com vs www.facebook.com
  8. Abuse of Country Code Top-Level Domain (ccTLD): twitter.cm vs twitter.com, which leads a person who left out a letter away from the real site
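
The categories above can be turned into a first-pass triage check for domains seen in DNS or proxy logs, or in new-registration feeds. The following is an added example, not code from the original article: the function names are hypothetical, it assumes single-label TLDs, and the edit-distance cut-off of 2 is an assumed value. Matches are candidates for review, not verdicts.

```python
# Added example (not from the original article): heuristic triage of observed
# domains against a protected domain, using the categories listed above.
# Assumes single-label TLDs; a threshold of 2 edits is an assumed cut-off.

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(domain):
    """Split 'name.tld' into (name, tld), dropping a leading 'www.' label."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return (name[4:] if name.startswith("www.") else name), tld

def classify(observed, protected):
    """Return the lookalike category, or None for the real or an unrelated domain."""
    name, tld = split_domain(observed)
    brand, brand_tld = split_domain(protected)
    if name == brand:
        return None if tld == brand_tld else "wrong TLD or ccTLD"
    if name == "www" + brand:
        return "pretending to be www"
    if name.replace("-", "") == brand.replace("-", ""):
        return "hyphenated domain"
    if brand in name.split("-") or name.startswith(brand) or name.endswith(brand):
        return "supplemented brand"
    if edit_distance(name, brand) <= 2:
        return "typo, misspelling or alternative spelling"
    return None

# Constructed sample: the pairs used as illustrations in the list above.
SAMPLES = [
    ("goigle.com", "google.com"), ("gooogle.com", "google.com"),
    ("google.co", "google.com"), ("getfotos.com", "getphotos.com"),
    ("face-book.com", "facebook.com"), ("apple-shop.com", "apple.com"),
    ("wwwfacebook.com", "facebook.com"), ("twitter.cm", "twitter.com"),
    ("www.facebook.com", "facebook.com"),
]

if __name__ == "__main__":
    for seen, real in SAMPLES:
        print(f"{seen:18} vs {real:15} -> {classify(seen, real)}")
```

Short brand names produce many false positives at an edit distance of 2, so the cut-off should be tuned per protected domain.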

2. What are the dangers of typosquatting?

  • Bait and switch: The site tries to sell you something you might have bought at the correct URL, then never sends you the item
  • Domain parking: Owner wants to sell the domain for a price that increases as your business grows
  • Imitators: The website passes itself off as the real location to perform a phishing attack
  • Joke site: The site makes fun of the trademark or brand name
  • Related search results listing: Owner uses traffic that was meant for the real site to drive traffic to competitors, charging them on a cost-per-click basis
  • Surveys and giveaways: The site pretends to be interested in feedback from the real site’s customers to try to get access to sensitive information
  • Monetize traffic: Owner puts up advertisements or popups to generate advertising revenue from direct navigation misspellings
  • Affiliate links: Site redirects traffic back to the brand through an affiliate link, earning a commission for each real purchase through the brand’s affiliate program
  • Install malware: To infect or generate revenue from adware
  • Phishing: Attempt to gain personal data, login credentials or emails

3. What is cybersquatting?

4. How has cybersquatting changed?

5. Do any laws apply to typosquatting and cybersquatting?

  • The domain is identical or confusingly similar to yours
  • The URL holder has no rights to your work
  • The domain registrar is using the site in bad faith

6. How can you avoid typosquatting?

  • Notify your stakeholders: Let your customers, staff, or other relevant parties know to look out for suspicious emails or a phishing website
  • Get suspicious websites or mail servers taken down: The process for getting a website taken down depends on the geography your company operates in, but a good place to start is with the UDRP as mentioned above

7. How UpGuard can help protect against typosquatting

UpGuard

https://www.upguard.com — UpGuard combines third-party security ratings, vendor questionnaires, and threat intelligence in a single cyber risk solution.