What is Typosquatting? Everything you need to know and how to prevent it

Cybercriminals are getting more sophisticated with their approach to attempting phishing attacks. Typosquatting is one such technique where they make clever spelling alterations or typos to create lookalike domains to deceive visitors into believing they have landed on the official page.

What is Typosquatting?

Typosquatting is a social engineering tactic that targets internet users who unintentionally type incorrect URLs into their web browsers. This phishing technique tricks users into visiting cloned and fraudulent websites with URLs that are common misspellings of legitimate websites. 

Cybercriminals register these domains and emulate the look and feel of the original website whose clone they have created so that users don’t hesitate in sharing details or making financial transactions. The typosquat method is sometimes referred to as URL hijacking, domain mimicry, sting sites, etc. 

Real-Life Example of Typosquatting

In 1995, Michael Doughney grabbed the domain name PETA.org and registered it as a website for selling meats and leather goods. This, in fact, was the exact opposite of what PETA propagates, thus, the organization sued the domain owner over alleged trademark infringement, unfair competition, and cybersquatting.

The jurisdiction ruled in PETA’s favour and turned the name over to them. It’s since then registered as a .org site, and PETA.com redirects to the same.

Typosquatting Methods

Typosquatting domains are created using different forms of spelling alterations, with a range of techniques used by cybercriminals.

Typographical Errors

This means mistyping web addresses of common websites. For example, typing amazin.com instead of amazon.com.

Spelling Errors

Whenever you’re directed to a fake website, it’s not always a typing error. Some domain names are wrongly spelt. For example, ferarri.com instead of ferrari.com.

Alternative Spellings

Fake websites often use alternate spellings of popular brands to trick users into visiting their sites. For example; color.com instead of colour.com

False Domain Endings

You can choose to register from multiple top-level domains (TLDs) but unfortunately, so can cybercriminals. They take advantage of users’ commonly mistaken domain extensions to direct them to a cloned website. For example, using ‘.com’ instead of ‘.biz’.

Alternating the Country Code

Another typosquat technique involves changing a country code top-level domain from ‘.uk’ to ‘.us’ or from ‘.com’ to ‘.cm’. 

Typosquatting and Cybersquatting – What’s the Difference?

People often use the terms typosquatting and cybersquatting interchangeably, however, they aren’t the same. Typosquatting is buying a lookalike domain of a genuine website’s domain. For example, faecbook.com instead of facebook.com

On the other hand, cybersquatting involves purchasing domains of pre-established businesses that don’t own related websites. This is done so that buyers can sell these domains at higher prices in the future.

For example, if Red Sift doesn’t own the domain www.redsift2023.com, and it’s owned by a cybersquatter, we’ll have to pay them an amount to transfer the ownership to us.

What are the Dangers of Typosquatting?

Cybercriminals use domain finder tools to register for typographical error variations. Not all typosquatting efforts have criminal intentions, but most of them are attempted in bad faith. They create malicious websites and misdirect traffic towards them to install malware, steal credit/debit card details, phish confidential details, etc. 

Some of the common goals of developing typosquat websites include:

  • Bait and Switch: The fraudulent website claims to sell the same products and services as the original one, but customers never receive them on placing orders.
  • Domain Parking: Typosquatters register domains of popular brands and businesses only to resell them at higher prices.
  • Imitators: Cybercriminals develop cloned websites that look exactly like genuine ones. These mirror websites are used to attempt phishing attacks where users are asked to share sensitive details, make online transactions, or download malicious links. 
  • Joke Site: These are created to dampen targeted brands’ reputations by mocking them.
  • Related Search Results Listing: Owners drive traffic meant for a particular site to a competitor site and charge them on a pay-per-click basis.
  • Surveys and Giveaways: Such fake websites invite users by luring them in the name of exciting giveaways and cashback. They are asked to fill out participation forms armed to steal personal details.
  • Monetize Traffic: Typosquatters put up online advertisements and popups to make money from webpage visitors.
  • Affiliate Links: These are generally legal affiliate programs where traffic on the fake website is redirected to the official page. Typosquat domain owners earn a commission from all purchases made through this. 
  • Install Malware: Malware and adware are installed on visitors’ devices. They contain malicious codes that steal, intercept, and transfer data.

Is Typosquatting Illegal?

Typosquatting is illegal in the US under the 1999 Trademark Cyberpiracy Prevention Act. It’s regarded as an unlawful act to misdirect consumers to fraudulent websites or engage in typosquatting if the original website name is linked to a trademarked business. This allows official domain registrars to appeal to take down any website that meets typosquatting or cybersquatting criteria.

How to Prevent Typosquatting?

It’s vital to detect and take down lookalike domains as these can infect visitors’ devices with viruses that track keyboard strokes, intercept data or spy on your messages. Luckily, we’ve put together some basic measures to help you prevent being a victim of typosquatting.

Avoid Typos

Secure yourself from being a phishing attack victim by correctly entering the website name in the URL field. Recheck what you’ve typed before hitting the enter key. Also, double-check the address bar once you’ve landed on the website to ensure it isn’t a fraudulent one.

SSL Certificates

A website with an SSL certificate is indicated by a padlock sign. Refrain from visiting websites with no SSL certificate which means URLs beginning with HTTP instead of HTTPS. Never submit any confidential details or download links on unsecured websites. 

Spread Awareness

Combat typosquatting by raising awareness among your team members. Train them to utilize search engine or voice control and bookmark pages to avoid typos. Encourage them to trust websites with SSL certificates only. 

Register Your Website and Trademark

By registering your website and trademark, you get the power to file a Uniform Rapid Suspension (URS) lawsuit and take down websites fooling users away from your pages onto cloned pages. Moreover, you can register different spelling versions of your website like singular, plural, UK English, US English, hyphenated variants, etc.

Automate Domain Discovery and Takedown Fraudulent Websites

Brand Trust by Red Sift monitors 150 million newly registered domains and subdomains every day, allowing you to uncover any parked and forgotten domains, as well as impersonation sites. Once discovered, Brand Trust leverages existing relations with registrars and hosting providers to offer a phishing takedown service, drastically reducing the risk of typosquatting damaging your brand reputation.

PUBLISHED BY

Faisal Misle

19 May. 2023

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
News

Meet Red Sift Radar: The Skilled Up LLM That Finds and Fixes…

Rahul Powar

After months of beta testing and feedback, we are excited to announce that Red Sift Radar, our skilled up LLM offering seamless integration with Red Sift OnDMARC, is now commercially available.  With Red Sift Radar, security teams can detect exposures, prevent configuration drift, and classify assets or suspicious activity without adding additional headcount. By…

Read more
News

G2 Fall 2024 Report: Red Sift OnDMARC Wins Big

Francesca Rünger-Field

We’re delighted to share that Red Sift OnDMARC’s winning streak continues. This Fall, we’ve once again been named a Leader in G2’s DMARC category, achieving recognition in both the overall Leader category and Europe for the first time. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more