What is Typosquatting (and how to prevent it)


This post was originally published by Abi Tyas Tunggal.

What is typosquatting?

Typosquatting, or URL hijacking, is a form of cybersquatting targeting people that accidentally mistype a website address directly into their web browser URL field, rather than into a search engine. Cybersquatters register domain names that are a slight variation of the target brand (usually a common spelling error).

Internet users are usually unaware that they’re navigating, or even shopping, on a dummy website. Fraudulent website owners could leverage this impersonation to sell competing products or, worse, trick users into handing over Personally Identifiable Information (PII).


How does typosquatting work?

Typosquatting is made possible by typos, misspellings or misunderstandings of a popular domain name. If a user makes a mistake while typing a domain name and fails to notice it, they may accidentally end up on an alternative website set up by the cybercriminals.

One of the earliest examples of a typosquatting cybercrime was in 2006, when Google was the victim of typosquatting by the site Goggle.com, widely considered to be a phishing/fraud site. Typosquatters also had their sights on URLs like foogle.com, hoogle.com, boogle.com, yoogle.com, toogle.com, and roogle.com, because their first letters sit physically close to the g key on the keyboard. This can be a major cybersecurity risk if your business gets a large volume of traffic.

There are at least eight kinds of typosquatting:

  1. Typos: Mistyped web addresses of well-known brands in the address bar, such as “faacebook.com.”
  2. Misspelling: Misspelled domains are a very common occurrence, especially if the domain name is an invented word. For example, “gooogle.com.”
  3. Wrong domain extensions: As more top-level domain (TLD) names are added, the likelihood of typosquatting sites grows. An example here would be google.co. Another common domain extension error is typing “.com” instead of “.org”.
  4. Alternative spellings: Users may be misled by the abstract spelling of services, brand names or products. For example, getphotos.com vs getfotos.com
  5. Hyphenated domains/combosquatting: This involves omitting or adding a hyphen in order to illegally direct traffic to a typo-domain e.g. facebook.com vs. face-book.com
  6. Supplementing popular brand domains: If well-known brands are supplemented with appropriate words, they may produce a legitimate-sounding typosquatted domain name, e.g. apple-shop.com vs apple.com
  7. Pretending to be www: wwwfacebook.com vs www.facebook.com
  8. Abuse of Country Code Top-Level Domain (ccTLD): twitter.cm vs twitter.com, which leads a person who left out a letter away from the real site
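
The categories above can be turned into a defensive check over domains seen in resolver or proxy logs. The following is an added example, not code from the original post; the function names, the edit-distance threshold of 2, and the sample lists are assumptions made for illustration.

```python
# Added example: label look-alike domains; assumes a single-label TLD.
KEY = {ch: (r, c) for r, row in enumerate(["qwertyuiop", "asdfghjkl", "zxcvbnm"]) for c, ch in enumerate(row)}

def adjacent(a, b):
    """True if a and b are distinct neighbouring keys on a QWERTY layout."""
    return a != b and a in KEY and b in KEY and all(
        abs(m - n) <= 1 for m, n in zip(KEY[a], KEY[b]))

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand):
    """Return a category if candidate imitates brand, else None."""
    cand, brand = candidate.lower().rstrip("."), brand.lower()
    c, b = cand.rpartition(".")[0], brand.rpartition(".")[0]
    if c == b:
        return None if cand == brand else "wrong-tld"   # kinds 3 and 8
    if c == "www" + b:
        return "missing-dot-www"                        # kind 7
    if c.replace("-", "") == b.replace("-", ""):
        return "hyphenation"                            # kind 5
    if b in c.split("-"):
        return "brand-plus-word"                        # kind 6
    if any(c[i] == c[i - 1] and c[:i] + c[i + 1:] == b for i in range(1, len(c))):
        return "repeated-letter"                        # kinds 1 and 2
    diffs = [(x, y) for x, y in zip(c, b) if x != y]
    if len(c) == len(b) and len(diffs) == 1 and adjacent(*diffs[0]):
        return "adjacent-key"                           # the foogle.com case
    return "near-miss" if edit_distance(c, b) <= 2 else None  # assumed threshold

def scan(observed, protected):
    """Map each observed look-alike to its first (brand, category) match."""
    hits = {}
    for d in observed:
        match = next(((p, c) for p in protected if (c := classify(d, p))), None)
        if match:
            hits[d] = match
    return hits
# Constructed sample, as might be pulled from resolver or proxy logs.
OBSERVED = ["faacebook.com", "google.co", "face-book.com", "apple-shop.com", "wwwfacebook.com",
            "twitter.cm", "foogle.com", "getfotos.com", "example.org"]
PROTECTED = ["facebook.com", "google.com", "apple.com", "twitter.com", "getphotos.com"]
```

Calling `scan(OBSERVED, PROTECTED)` labels every sample except example.org. The near-miss threshold is noisy for very short brand names, so hits are candidates for review rather than verdicts.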

What are the dangers of typosquatting?

The prevalence of typosquatting has grown to the point of forcing large companies like Apple, Google, Facebook, and Microsoft to either register typographical error variations of their domain or block potential typosquatting domains through the Internet Corporation for Assigned Names and Numbers (ICANN) service.

Not all typosquatting efforts are motivated by cybercrime, but many owners of typosquatted domains do act in bad faith. These cybercriminals develop malicious websites that could try to install malware, install ransomware (such as WannaCry), steal credit card numbers, or phish personal information.

Popular uses of typosquatted domains include:

  • Bait and switch: The fake website sells you something you would like to purchase at the correct URL, but doesn’t send you the item
  • Domain parking: The typosquatted domain owner attempts to sell the domain to the victim at a heightened price.
  • Imitators: The scam website mirrors the identity of the victim website to perform a phishing attack
  • Joke site: The site makes fun of the trademark or brand name
  • Related search results listing: Owner uses traffic that was meant for the real site to drive traffic to competitors, charging them on a cost-per-click basis
  • Surveys and giveaways: The dummy website presents visitors with a feedback form or a survey armed to steal sensitive information
  • Monetize traffic: Fake website owners put up advertisements or popups to generate advertising revenue from webpage visitors.
  • Affiliate links: The fake site redirects traffic back to the brand through affiliate links to earn a commission from all purchases via the brand’s legitimate affiliate program.
  • Install malware: The malicious website installs malware or adware on the devices of visitors.
  • Phishing: Malicious sites are developed to look exactly like popular websites in order to gain access to personal data, login credentials, or user emails.

What is Cybersquatting?

Cybersquatting is another form of domain squatting where a person buys a domain name associated with a popular brand with the aim of selling it to the brand owner at maximum profit.

Due to the cyber risk of typosquatted domains and potential revenue loss, many companies are willing to pay a lot of money for “fake” URLs to prevent misuse and to drive additional traffic to their website. Due to the cheap price of domain registration for most TLDs, cybersquatting can be incredibly profitable.

How has cybersquatting changed?

Before the internet was popular, one of the most profitable cybersquatting methods was to buy domain names associated with popular legacy brands that had not yet set up a web presence. The brands were then forced to buy the registered domains to maintain their brand identity online.

The other popular trend was to register the domain names of famous people, like actors or politicians.

These days, cybersquatting usually involves the introduction of a new top-level domain (TLD) like .xyz or .coffee. As each new TLD becomes available, there are potentially hundreds of thousands of cybersquatting opportunities.

Do any laws apply to typosquatting and cybersquatting?

In the United States, the Anticybersquatting Consumer Protection Act (ACPA) was enacted in 1999 to establish a cause of action for registering, trafficking in, or using domain names that were confusingly similar to, or dilutive of, a trademark or personal name.


The law was designed to thwart cybersquatters who registered domain names containing trademarks with no intention of creating a legitimate website, but instead, planned to sell domains to the trademark owner or a third-party.

Since ACPA, domain name owners need to prove they intend to use their URL in good faith and that it’s not confusingly similar to an existing trademark, brand, or website.

Outside the United States, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) from ICANN allows trademark holders to file a case at the World Intellectual Property Organization (WIPO) against typosquatters and cybersquatters.

You can petition WIPO to give you ownership of a domain by proving:

  • The domain is identical or confusingly similar to yours
  • The URL holder has no rights to your work
  • The domain registrar is using the site in bad faith

In 2007, the Coalition Against Domain Name Abuse (CADNA) was established to make the Internet a safer and less confusing place by decreasing instances of cybersquatting in all forms. CADNA believes the maximum damages don’t accurately measure the damage done by typosquatting, and it wants to increase penalties for all typosquatting practices.

How can you avoid typosquatting?

Organizations can limit the impact of typosquatting by registering important and obvious typo-domains and redirecting these domains to their website. In addition, they can register other country extensions and other relevant top-level domains, alternate spellings, and variants with and without hyphens.

It’s a good idea to register your brand name with the Trademark Clearinghouse (TMCH) and use the Trademark Registry Exchange Service of ICANN (TRex) to ensure that unauthorized domain registrations by typosquatters and cybersquatters are blocked during and after the sunrise period.

SSL certificates are a great way to signal that your site is the real site. They tell the end-user who they are connected with and protect user data during transfer. A missing SSL certificate for a site is often a tell-tale sign that you have been taken to an alternative website.

Typosquatted domains may also be used to impersonate your organization over email. It is therefore important to publish a Sender Policy Framework (SPF) record in your DNS, and to use secure email gateways and software that can automatically detect mismatched From headers and envelope sender addresses.
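
The From-header versus envelope-sender comparison mentioned above can be sketched as follows. This is an added example, not code from the original post; it reads the envelope sender from the Return-Path header that the receiving mail server records, and the domains and messages are constructed for illustration.

```python
# Added example: compare the From header with the envelope sender (Return-Path).
# Domains and messages below are constructed for illustration.
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Relaxed match: identical, or one domain is a subdomain of the other.
    A simplification; it does not consult the Public Suffix List."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_sender(raw):
    """Return (from_domain, envelope_domain, verdict) for one raw message."""
    msg = message_from_string(raw)
    frm, env = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if not frm:
        verdict = "no-from-domain"
    elif not env:
        verdict = "no-envelope-sender"   # header missing, or null sender "<>"
    else:
        verdict = "aligned" if aligned(frm, env) else "mismatch"
    return frm, env, verdict

def make(return_path, from_header):
    """Build a minimal constructed message with the two headers under test."""
    return f"Return-Path: {return_path}\nFrom: {from_header}\nSubject: Invoice\n\nbody\n"

SAMPLES = {
    "genuine": make("<bounce@mail.example.com>", "Billing <billing@example.com>"),
    "spoofed": make("<x@examp1e.com>", "Billing <billing@example.com>"),
    "bounce": make("<>", "Mailer <mailer-daemon@example.com>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

Bulk-mail providers and mailing lists legitimately produce mismatches, so the verdict is a signal to weigh alongside the SPF result rather than a block decision on its own.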

If you believe someone is impersonating (or preparing to impersonate) your organization, take the following actions:

  • Notify your stakeholders: Let your customers, staff, or other relevant parties know to look out for suspicious emails or a phishing website
  • Get suspicious websites or mail servers taken down: The process for getting a website taken down depends on the geography your company operates in, but a good place to start is with the UDRP as mentioned above

Read more here: https://www.upguard.com/blog/typosquatting