
Typosquatting goes by many names: URL hijacking, domain mimicry and domain typo-squatting, to name a few. However, they all mean the same thing: malicious attackers register domain names similar to popular websites but with common typos and variations.
Typosquatting aims to trick users who mistype the legitimate URL into visiting and using the fraudulent site. It is a widespread practice. In fact, one report found more than 500 squatted domains related to candidates during the 2020 presidential election year. Likewise, there have been more than 150,000 pandemic-themed domain names since December 2019.
Typosquatting leaves individuals vulnerable to identity theft, malware and virus attacks, inappropriate content and more. It also hurts businesses, which miss out on revenue when customers shop on typosquatted sites and suffer reputational damage when users have a negative experience.
Organizations must watch out for fraudulent websites and take action when needed. Here is what you need to know about typosquatting and how to protect your business against it.
How typosquatting works
Visitors typically end up visiting a fraudulent website in two ways:
- Mistyping the name of a website directly into their browser instead of using Google or another search engine. For example, they write “Splunk.cm” instead of “Splunk.com.”
- Being lured into a lookalike website as the result of a phishing attack.
The websites may try to create the same look and feel as the web pages they’re mimicking to bait users into disclosing personal information, such as login info or credit card details. Bad actors can then use this information. If users have the same usernames and passwords on multiple sites, even unrelated accounts are at risk.
Typosquatting relies on human errors, such as:
- Typos. Although a simple human error, accidentally pressing the wrong letter can significantly affect users. These errors occur when users mistype the URL by pressing the wrong keys. For example, “spIunk.com” with a capital I instead of “splunk.com” with a lower-case L.
- Top-level domain (TLD). These errors occur when users type in the wrong domain ending. For example, “google.co” instead of “google.com.”
- Subdomain. Users accidentally type the subdomain as part of the main domain, like “blogsplunk.com” instead of “blog.splunk.com.”
- Hyphenated domains. Some domain names include hyphens, leading to errors if users mistakenly add one or forget to use it. For example, “amazon-prime.com” instead of “amazon.com”.
- Alternative spellings. Some typosquatting websites rely on different spelling to lure in users. For example, “write” instead of “right.” They are also common for words with variations for US or UK English. For example, “color” in American English is spelled “colour” in British English.
Examples
Many typosquatting incidents go unnoticed, but there have been some famous cases that gained attention:
- In 2006, David Cenciotti registered the domain “Goggle.com.” He used the website to display ads and generate traffic revenue. Google took legal action against Cenciotti, and the domain was transferred to Google.
- In 2013, the domain “twiter.com” was discovered, which redirected users to a survey scam that tricked visitors into providing personal information. Thousands of users fell victim to the fraud before it was finally removed.
- Also in 2013, Facebook won a settlement against over 100 domain squatters requiring them to pay almost $2.8 million.
Even the largest and most secure corporations must be diligent against typosquatting to ensure it doesn’t compromise customer data or hurt their reputation.
Types of typosquatting
There are many different reasons that hackers use typosquatted domains. Just a few uses include:
Install malware
The biggest reason hackers use fraudulent websites is to host malicious content or encourage users to download infected files. One study found that over 18% of registered squatting domains were malicious and used to distribute malware or conduct a phishing attack.
Phishing
By resembling legitimate websites, hackers trick users into providing sensitive information for identity theft, fraudulent transactions and other cybercrimes.
Advertising
Some fraudulent websites display ads or use click fraud schemes to generate revenue from unsuspecting visitors. These ads may…
- Redirect users to other malicious websites.
- Trick them into downloading malware.
Competitor disruption
Bad actors siphon web traffic from legitimate websites by registering domain names similar to their competitors. It can be a form of corporate sabotage or a way to get an unfair advantage.
Counterfeit sales
Some typosquatted websites sell counterfeit and knockoff products. These products can harm the reputation of the legitimate brand and trick consumers into buying low-quality items they cannot return.
Spamming
Some of these domains are used to send spam or phishing emails that appear to come from legitimate sources. By using a domain that closely resembles the real one, attackers can increase the chances that recipients will open and interact with the malicious emails.
How to protect against typosquatting
Typosquatting can hurt company sales and brand reputations, so organizations must diligently fend off attempts. While any business can be a potential target for typosquatting, certain companies and industries are more vulnerable:
- High-traffic websites
- E-commerce retailers and financial institutions
- Brands with strong name recognition
- Businesses with complex domain names
There are multiple steps you should take to protect your business from typosquatting:
Register common misspellings and variations. The first step is stopping bad actors from acquiring the domains in the first place. Proactively register domain names that are common misspellings, variations, or phonetic approximations of your primary domain.
Acquire alternative TLDs. Register your domain name with various TLDs, like .net, .org, and .co, to reduce the likelihood of typosquatters exploiting these alternatives.
Monitor domain registrations. ICANN (Internet Corporation for Assigned Names and Numbers) has a Trademark Clearinghouse that allows website owners to monitor how their names are used with different domains. Regularly check in to see how names similar to your brand or domain are used.
Implement domain name system security extensions (DNSSEC). DNSSEC will protect your domain from multiple cyber threats, including typosquatting.
Report fraudulent domains. Report typosquatted domains to relevant authorities like ICANN or the domain registrar. They may be able to suspend or remove the fraudulent site.
Pursue legal action. If you discover a typosquatted domain that infringes on your copyright or trademarks, legal action may be necessary to control the domain and prevent further harm. If relevant authorities cannot remove the site, consider getting a lawyer to help.
Educate customers and employees. Raise awareness among your customers and employees about potential typosquatting. Let them know the risks and encourage them to double-check URLs and use a search engine to find your website.
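The error categories listed under "How typosquatting works" can be checked mechanically when monitoring registrations. The Python below is an added example, not code from the original post: it classifies observed domain names against one protected domain by TLD, subdomain, hyphen, lookalike-character and typo errors. The protected domain example.com, the blog subdomain, the character fold table and the sample names are assumptions constructed for illustration.

```python
# Added example: classify observed domains against one protected domain.
CONFUSABLE = str.maketrans("i105", "llos")  # constructed, deliberately small fold table

def registered_parts(domain):
    """Return (name, tld) from the last two labels. Naive: real monitoring
    should use the Public Suffix List to handle suffixes such as co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    return (labels[-2] if len(labels) > 1 else ""), labels[-1]

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent characters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected="example.com", subdomains=("blog",)):
    """Return the lookalike category for `observed`, or None if not flagged."""
    brand, brand_tld = registered_parts(protected)
    name, tld = registered_parts(observed)
    if name == brand:  # same name: legitimate host, or a wrong domain ending
        return None if tld == brand_tld else "tld"
    if name in {sub + brand for sub in subdomains}:  # dot dropped from a subdomain
        return "subdomain"
    if "-" in name and (brand in name.split("-") or name.replace("-", "") == brand):
        return "hyphen"
    if name.translate(CONFUSABLE) == brand.translate(CONFUSABLE):
        return "lookalike-char"  # e.g. capital I in place of lower-case L
    if edit_distance(name, brand) <= 1:
        return "typo"
    return None

# Constructed sample feed (e.g. names pulled from a registration or DNS log).
SAMPLE = ["example.com", "blog.example.com", "example.cm", "exampIe.com",
          "blogexample.com", "example-prime.com", "exmaple.com", "unrelated.org"]

def scan(domains):
    """Map each flagged domain to its category; unflagged names are omitted."""
    return {d: c for d in domains if (c := classify(d))}

if __name__ == "__main__":
    for domain, category in scan(SAMPLE).items():
        print(f"{category:15} {domain}")
```

A domain flagged as "tld" may be one you already own, so compare the results against your own registrations before reporting anything.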
While stopping all typosquatting may be impossible, you can mitigate some risks and better protect your brand, reputation and customers.
Protecting against fraudulent websites
Typosquatting is a common malicious practice used for various nefarious purposes, such as phishing, malware distribution, traffic diversion, and more. It poses significant risks to both visitors and businesses.
Protect your business from typosquatting by proactively registering misspellings and variations on your domain name and monitoring registrations. Be prepared to take legal action when necessary and report any suspicious registrations immediately. These strategies can help you better safeguard your reputation, brand, and customers from the various threats posed by typosquatted websites.
This posting does not necessarily represent Splunk's position, strategies or opinion.