This post was originally published by Abi Tyas Tunggal.
What is typosquatting?
Typosquatting, or URL hijacking, is a form of cybersquatting targeting people that accidentally mistype a website address directly into their web browser URL field, rather than into a search engine. Cybersquatters register domain names that are a slight variation of the target brand (usually a common spelling error).
Internet users are usually unaware that they’re navigating, or even shopping, on a dummy website. Fraudulent website owners could leverage this identity theft to sell competitive products, or worse, trick users into a Personal Identifiable Information breach.
How does typosquatting work?
Typosquatting is made possible by typos, misspellings or misunderstandings of a popular domain name. If a user makes a mistake while typing a domain name and fails to notice it, they may accidentally end up on an alternative website set up by the cybercriminals.
One of the earliest examples of a typosquatting cybercrime was in 2006 when Google was the victim of typosquatting by the site Goggle.com, widely considered to be a phishing/fraud site. Typosquatters also had their sights on URLs like foogle.com, hoogle.com, boogle.com, yoogle.com, toogle.com, and roogle.com due to their close physical proximity to g. This can be a major cybersecurity risk if your business gets a large volume of traffic.
There are at least eight kinds of typosquatting:
What are the dangers of typosquatting?
The prevalence of Typosquatting has grown to the point of forcing large companies like Apple, Google, Facebook, and Microsoft to either register typographical error variations of their domain or block potential typosquatting domains through The Internet Corporation for Assigned Names and Numbers (ICANN) service.
Not all typosquatting efforts are motivated by cybercrime, but many owners of typosquatted domains do act in bad faith. These cybercriminals develop malicious websites that could try to install malware, install ransomware (such as WannaCry), steal credit card numbers, phish personal information.
Popular uses of typosquatted domains include:
What is Cybersquatting?
Cybersquatting is another form of domain squatting where a person buys a domain name associated with a popular brand with the aim of selling it to the brand owner at maximum profit.
Due to the cyber risk of typosquatted domains and potential revenue loss, many companies are willing to pay a lot of money for “fake” URLs to prevent misuse and to drive additional traffic to their website. Due to the cheap price of domain registration for most TLDs, cybersquatting can be incredibly profitable.
How has cybersquatting changed?
Before the internet was popular, one of the most profitable cybersquatting methods was to buy domain names associated with popular legacy brands that have not yet set up a web presence. The brands were then forced to buy the registered domains to maintain their brand identity online.
The other popular trend was to register the domain names of famous people, like actors or politicians.
These days, cybersquatting usually involves the introduction of a new top-level domain (TLD) like .xyz or .coffee. As each new TLD becomes available, there are potentially hundreds of thousands of cybersquatting opportunities.
Do any laws apply to typosquatting and cybersquatting?
In the United States, the Anticybersquatting Consumer Protection Act (ACPA) was enacted in 1999 to establish a cause of action for registering, trafficking in, or using domain names that were confusingly similar to, or dilutive of, a trademark or personal name.
The law was designed to thwart cybersquatters who registered domain names containing trademarks with no intention of creating a legitimate website, but instead, planned to sell domains to the trademark owner or a third-party.
Since ACPA, domain name owners need to prove they intend to use their URL in good faith and that it’s not confusingly similar to an existing trademark, brand, or website.
Outside the United States, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) from ICANN allows trademark holders to file a case at the World Intellectual Property Organization (WIPO) against typosquatters and cybersquatters.
You can petition WIPO to give you ownership of a domain by proving:
In 2007, the Coalition Against Domain Name Abuse (CADNA) was established to make the Internet and a safer and less confusing place by decreasing instances of cybersquatting in all forms. CADNA believes the maximum damages don’t accurately measure the damage done by typosquatting and they want to increase penalties for all typosquatting practices.
How can you avoid typosquatting?
Organizations can limit the impact of typosquatting by registering important and obvious typo-domains and redirecting these domains to their website. In addition, they can register other country extensions and other relevant top-level domains, alternate spellings, and variants with and without hyphens.
It’s a good idea to register your brand name with the Trademark Clearinghouse (TMCH) and use the Trademark Registry Exchange Service of ICANN (TRex) to ensure that unauthorized domain registrations by typosquatters and cybersquatters are blocked during and after the sunrise period.
SSL certificates are a great way to signal that your site is the real site. They tell the end-user who they are connected with and protect user data during transfer. A missing SSL certificate for a site is often a tell-tale sign that you have been taken to an alternative website.
Typosquatted domains may also be used to impersonate your organization over email. It’s, therefore, important to have your DNS information include a sender policy framework, to use secure email gateways, and software that can automatically detect mismatched From headers and envelope sender addresses.
If you believe someone is impersonating (or preparing to impersonate) your organization, take the following actions:
Read more here: https://www.upguard.com/blog/typosquatting