What is typosquatting?

Fraudulent websites are a common example of a cybersecurity risk. Cybercriminals mimic the sites of trusted businesses to phish for visitors’ personal data or spread malware. One tool in their arsenal is typosquatting, where they buy domain names that are intentional misspellings of popular websites.
Typosquatting turns simple typos into a tool for cybercrime
But how can a simple typo leave you vulnerable to online scams?

Typosquatting definition

As you may recall from our discussions of different types of phishing scams, cybercriminals sometimes try to lure their unsuspecting victims to fake websites where they trick them into entering login credentials or installing malware. Typosquatting is one way of tricking people into visiting these malicious websites. The word comes from “typo” – the small mistakes we all make when typing – and “squatter” – a person who settles unlawfully on property without paying. In typosquatting, a person registers a domain name that is a common misspelling of a legitimate company’s website, e.g. gooogle.com instead of google.com. When a user mistypes the address in their web browser, they are taken to the false site instead of the real one. Such scams also go by the names website hijacking, URL hijacking, domain mimicry or fake URLs.
 
Typosquatting starts as an ordinary domain registration, with the scammer buying a domain name that is a misspelling of a popular website. Often they register several variants of the same name at once – amzon, amazun, maazon, amozan and so on. Another variation keeps the company name spelled correctly but uses a different top-level domain, like amazon.net instead of amazon.com, or folds the letters www into the name itself, like wwwamazon.com instead of www.amazon.com. Because this practice has become so widespread, many companies register the common typo versions of their own names as a precaution, or file complaints against such domains under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), the trademark-based dispute procedure adopted by the Internet Corporation for Assigned Names and Numbers (ICANN).
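The variant classes just described can be enumerated mechanically, which is exactly what both typosquatters and brand-protection teams do. The following script is an added example and is not code from this article: it generates dropped-letter, swapped-letter, substituted-letter, doubled-letter, alternative-TLD and fused-www variants of a brand domain. The QWERTY neighbour map and the short list of alternative top-level domains are assumptions chosen for illustration, and the domain parser assumes a single-label top-level domain such as .com. A company can use the same candidate list to decide which names to register itself or to check newly registered domains against.

```python
"""Enumerate typo variants of a brand domain (added example, not the article's code)."""
from typing import Iterator, Set, Tuple

# Neighbouring keys on a QWERTY keyboard (assumed, letters only).
QWERTY = {
    "q": "wa", "w": "qase", "e": "wsdr", "r": "edft", "t": "rfgy",
    "y": "tghu", "u": "yhji", "i": "ujko", "o": "iklp", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc",
    "g": "ftyhbv", "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn",
    "n": "bhjm", "m": "njk",
}
VOWELS = "aeiou"
ALT_TLDS = ("net", "org", "co", "info")  # assumed short list for illustration


def split_domain(domain: str) -> Tuple[str, str]:
    """'amazon.com' -> ('amazon', 'com'). Assumes a single-label TLD."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def omissions(name: str) -> Iterator[str]:
    """Drop one character: amazon -> amzon, mazon, ..."""
    for i in range(len(name)):
        yield name[:i] + name[i + 1:]


def transpositions(name: str) -> Iterator[str]:
    """Swap two adjacent characters: amazon -> maazon, aamzon, ..."""
    for i in range(len(name) - 1):
        if name[i] != name[i + 1]:
            yield name[:i] + name[i + 1] + name[i] + name[i + 2:]


def substitutions(name: str) -> Iterator[str]:
    """Replace one character with a neighbouring key or another vowel: amazon -> amazun."""
    for i, ch in enumerate(name):
        alternatives = set(QWERTY.get(ch, ""))
        if ch in VOWELS:
            alternatives.update(VOWELS)
        alternatives.discard(ch)
        for alt in sorted(alternatives):
            yield name[:i] + alt + name[i + 1:]


def repetitions(name: str) -> Iterator[str]:
    """Double one character: google -> gooogle, ggoogle, ..."""
    for i in range(len(name)):
        yield name[:i] + name[i] + name[i:]


def candidates(domain: str) -> Set[str]:
    """All single-edit typo domains plus TLD swaps and the fused-www form."""
    name, tld = split_domain(domain)
    out: Set[str] = set()
    for generator in (omissions, transpositions, substitutions, repetitions):
        for variant in generator(name):
            if variant and variant != name:
                out.add(f"{variant}.{tld}")
    for alt in ALT_TLDS:                  # amazon.net, amazon.org, ...
        if alt != tld:
            out.add(f"{name}.{alt}")
    out.add(f"www{name}.{tld}")           # wwwamazon.com
    out.discard(domain.lower())
    return out


def is_typosquat_of(domain: str, brand: str) -> bool:
    """True if `domain` is one of the generated variants of `brand`."""
    return domain.lower() in candidates(brand)


if __name__ == "__main__":
    for variant in sorted(candidates("amazon.com"))[:15]:
        print(variant)
    print(len(candidates("amazon.com")), "candidates in total")
```

Note that a two-edit variant such as amozan (two substitutions) is deliberately outside this generator; widening it to two edits multiplies the list considerably, which is why real monitoring services rank candidates rather than register them all.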

Types of typosquatting attacks

Once the scammer has registered the false domain, there are many ways it can be used to their advantage – at the expense of the unsuspecting user. For example, they can build a website that looks enough like the real thing that people are tricked into logging in. The cybercriminal then harvests the login credentials – and if the victim uses the same username and password across multiple sites, their other online accounts are at risk as well. Although typosquatting is often used in such phishing scams, the perpetrators may have other aims. They can redirect traffic meant for the real site to competitors and charge on a per-click basis, or generate revenue through advertisements, pop-ups or affiliate links on the fake site. It is also common for such sites to install malware or adware on the devices of people who visit them by mistake. And typosquatting is sometimes used to set up joke sites that make fun of the owner of the legitimate site, be it a company, a celebrity or a politician.

How to protect yourself against typosquatting

As an individual, the best way to protect yourself against landing on a typosquatting website is to exercise caution. Don’t click on links or open email attachments unless you are 100% sure you can trust the source and the sender. Use your mouse to hover over links and carefully inspect the URLs before clicking. And since typosquatting is based on the fact that we are all prone to typos, avoid typing the URL directly into the browser yourself. Instead you can:
  • Bookmark sites you visit often
  • Use a search engine to look for the site and use the link on the results page
  • Use voice recognition software or a smart assistant to go to popular websites
  • Leave sites that you visit every day open in the browser tabs
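Hovering over a link only helps if you know which part of the address the browser will actually connect to. The following script is an added example, not code from this article: it resolves the host a browser would contact for a link and compares it with the brand domain you expect, flagging the tricks listed above (brand name inside a longer host, a different top-level domain, www fused into the name) as well as two that fool the eye on hover, a user:password@ prefix that hides the real host and a one-character typo of the brand name. The brand domain amazon.com and the sample links are constructed for illustration; the registrable-label logic assumes a single-label top-level domain such as .com.

```python
"""Check where a link really points before clicking (added example, not the article's code)."""
from typing import Optional
from urllib.parse import urlsplit


def link_host(url: str) -> Optional[str]:
    """Host the browser connects to: lowercased, with user:pass@ and :port stripped."""
    if "://" not in url:
        url = "http://" + url          # bare 'amazon.com/...' links in e-mail text
    return urlsplit(url).hostname


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a single typo such as amzon vs amazon scores 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_link(url: str, brand: str) -> str:
    """Classify `url` relative to the expected brand domain (e.g. 'amazon.com').

    'ok'        host is the brand domain or one of its subdomains
    'lookalike' host merely resembles the brand, or the brand name appears
                elsewhere in the URL (path, user:pass@ prefix) but not in the host
    'other'     unrelated host
    'no-host'   the URL has no host at all
    """
    brand = brand.lower()
    brand_name = brand.split(".")[0]
    host = link_host(url)
    if not host:
        return "no-host"
    if host == brand or host.endswith("." + brand):
        return "ok"
    if brand_name in host or brand_name in url.lower():
        return "lookalike"   # amazon.com.evil.net, wwwamazon.com, amazon.net, amazon.com@evil.net
    # Registrable label: the one just left of the suffix (assumes .com-style suffix;
    # .co.uk-style suffixes would need the Public Suffix List).
    labels = host.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    if levenshtein(sld, brand_name) <= 1:
        return "lookalike"   # amzon.com, amazun.com
    return "other"


# Constructed sample links for illustration.
SAMPLE_LINKS = [
    "https://www.amazon.com/gp/help",
    "http://amazon.com.login-secure.net/",
    "http://amazon.com@evil.net/signin",
    "http://wwwamazon.com/",
    "http://amazon.net/",
    "http://amzon.com/",
    "https://mail.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{inspect_link(link, 'amazon.com'):10} {link_host(link)!s:32} {link}")
```

The user:password@ case is the one worth remembering: everything before the @ is ignored by the browser, so a link that begins with amazon.com@ can land anywhere.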

How companies can prevent typosquatting

For companies, the most straightforward – although expensive – way to prevent typosquatting of their websites is to register their brand names as trademarks and purchase the related domain names that could easily be mistyped. Once the name is a registered trademark, it is possible to file complaints against typosquatters, for example under the UDRP. Monitoring services are also available to help companies keep track of how their names are being used in newly registered domains and to watch for significant changes in site traffic.

Famous typosquatting examples

You may still recall one of the earliest examples of typosquatting, which occurred 15 years ago, when cybercriminals registered goggle.com and operated it as a phishing site. Although it usually only makes headlines when it affects a major corporation or brand, the practice is still going strong today. For example, several candidates in the 2020 US presidential election reported that fake URLs close to their names had been set up for malicious purposes ranging from spreading misinformation to fake fundraising pages. And DomainTools has documented more than 150,000 high-risk sites related to COVID-19 since December 2019.
 
We hope this information will help raise your awareness and keep you safe from fraudulent websites!
 
Images: 1&1/Shutterstock

