What is Typosquatting?

Typosquatting הוא social engineering attack that exploits internet users who mistakenly type a URL into their web browser instead of using a search engine. This tactic typically involves luring users to malicious websites that have URLs resembling common misspellings of legitimate sites. Consequently, users might be deceived into providing sensitive information on these fraudulent sites. For the organizations targeted, such attacks can cause considerable reputational harm.

The term ‘typo’ in typosquatting refers to minor errors people can make when typing on a keyboard. Typosquatting is also known as URL hijacking, domain mimicry, sting sites, or fake URLs.

What is typosquatting

What is typosquatting?

Typosquatting is a type of cybercrime where hackers register domains with intentionally misspelled names of popular websites. The goal is to deceive unsuspecting visitors into accessing these alternative sites, usually for malicious purposes. Visitors may reach these sites in one of two ways:

  • By accidentally mistyping the name of a popular website into their web browser (e.g., gooogle.com instead of google.com).
  • By being directed there as part of a larger phishing attack.

Hackers may replicate the appearance of the legitimate sites they are mimicking, hoping users will provide personal information such as credit card or bank details. Alternatively, these sites might be well-optimized landing pages filled with advertisements or pornographic content, generating substantial revenue for their owners.

Typosquatting affects not only users but also business owners, as every stolen visitor represents a potential lost customer. Therefore, companies and organizations should monitor for fake versions of their websites and take appropriate action.

How does typosquatting work?

Typosquatting attacks begin with cybercriminals purchasing and registering domain names that are misspellings of popular websites. Some cybercriminals go as far as buying multiple URLs. For instance, instead of securing example.com, they might buy examplle.com or exmple.com.

These domains become dangerous when real users start visiting them, either due to mistyping the URL or being lured there by a phishing scam, typically through email containing a link to the typosquatted website.

Often, the fake site is crafted to resemble the real one, using the legitimate organization’s logo and design. Users who don’t realize they are on a fake website may be tricked into entering sensitive information, such as their username and password or their bank and credit card details. Hackers can then access this information, and if the victim uses the same credentials across multiple sites, other online accounts become vulnerable.

Typosquatting largely exploits confusion or simple human errors, such as:

Typos

Typographical errors are common when entering search information, often due to our rushed daily lives. People who type quickly and imprecisely or rely heavily on autocorrect are especially prone to these mistakes – for example, typing gogle.com instead of google.com.

Spelling errors

Sometimes, a user doesn’t make a typo but is unaware of the correct spelling of a brand name. Squatters capitalize on this by registering misspelled variants of site names before others do, then redirecting these versions to the legitimate homepage.

Alternative spellings

Different spellings of common product names or services can confuse internet users. For example, American English and British English variations like “favorite” (American) versus “favourite” (British). A web address containing a word spelled differently in other countries can lead users to type the wrong URL into their browser.

Hyphenated domains

The addition or omission of a hyphen in a domain name can also cause confusion. For example, if the URL is normally example-onlineshop.com, typosquatters might add an extra hyphen, creating example-online-shop.com. At a glance, users may mistake this for the genuine site, while typosquatters use it for malware or advertising purposes.

Wrong domain endings

The variety of domain endings for different countries (e.g., .com, .co.uk, .cn) and organization types (e.g., .com, .org, .web, .shop) provides further opportunities for typosquatting. Website operators should register multiple top-level domains to prevent these permutations from falling into the wrong hands. Typosquatters particularly favor the Colombian top-level domain, .co, due to its similarity to the widely used .com.

Types of typosquatting

The most common uses of typosquatted domains include:

Imitators

These scam websites pose as the legitimate site, adopting its logo, color scheme, and page layout. For instance, if imitating a well-known bank, the site will mimic the bank’s appearance. The goal is to host a phishing scam to collect login credentials and personal data.

Bait and switch

These fake websites claim to sell items that one might buy at the correct URL, often digital purchases that are hard to dispute on a credit card statement. Buyers do not receive the item they wanted but are still charged for it.

Related search results listing

The site owner redirects traffic intended for the real site to competitors, charging them on a cost-per-click basis.

Monetize traffic

Fake website owners generate advertising revenue by hosting ads or pop-ups on the site.

Surveys and giveaways

The fake site pretends to gather customer feedback, but its real aim is to collect enough information to carry out identity theft.

Affiliate links

The site redirects traffic back to the brand via affiliate links, earning a commission from purchases made through the brand’s legitimate affiliate program.

Install malware

The malicious website installs malware or adware on visitors’ devices.

Joke sites

These sites mock or ridicule the legitimate site the user intended to visit, often motivated by revenge.

Cybersquatting vs typosquatting

A similar cybercrime to typosquatting is cybersquatting, also known as domain squatting. In this case, individuals purchase URLs with similar spellings to other websites and brands. The primary motivation is not to create a website at these addresses but to sell the URLs to the owners of the legitimate websites and brands for a significant profit.

To protect their customers and brands, many companies feel compelled to buy these URLs from cybersquatters and are often willing to pay a premium. This makes cybersquatting a lucrative activity since registering domains for most TLDs is relatively inexpensive.

Cybersquatters aim to make easy money. In contrast, typosquatters go further by attempting to hack into a person’s computer, making the victim vulnerable to identity theft and security breaches.

A variation on typosquatting is called combosquatting. In this scenario, criminals register domains that are slightly different from legitimate domains by adding extra words, such as amazon-onlineshop.com, to confuse users into thinking it is a legitimate Amazon website. Here, no typos are involved; the deception lies in the presence of additional words.

Examples of Typosquatting

One of the earliest and most notable examples of typosquatting involved Google. In 2006, typosquatters registered Goggle.com, which operated as a phishing site. Over the years, various misspellings of Google’s name—such as foogle, hoogle, boogle, and yoogle (all close to the letter “g” on QWERTY keyboards)—have been registered to divert traffic from the search engine.

Celebrities like Madonna, Paris Hilton, and Jennifer Lopez have also been victims of typosquatting. Websites using variations of their names were set up to host pornographic content, ads, or affiliate links, deceiving unsuspecting fans.

In the lead-up to the 2020 US presidential election, it was reported that several candidates had typosquatting domains registered in their names by criminals with various malicious intentions.

How to protect yourself against typosquatting

For individuals

  • Avoid clicking on links in unexpected emails, text messages, chat messages, or on unfamiliar websites. Exercise caution when clicking on links in social media; if in doubt, don’t click.
  • Avoid opening email attachments unless you are certain of the source and sender.
  • Use antivirus software to monitor and protect against malware. A comprehensive cybersecurity program can help detect threats broadly and provide malware protection.
  • Hover over links and carefully inspect URLs before clicking. Look for missing or extra letters, incorrect spelling, hyphens, and the URL suffix (e.g., google.com vs. google.mailru.co).
  • Bookmark your favorite sites to visit them directly without typing the URL into your web browser.
  • Alternatively, navigate to websites by searching for them via search engines and clicking on the URL from the results page.
  • Use voice recognition software to access popular URLs.
  • Keep frequently visited sites open in your browser tabs; most popular browsers offer the option to continue where you left off or to specify a set of sites to start with.
  • Use a safe search tool instead of typing URLs directly.

For organizations

Register typo versions of your domain before squatters do

Purchase important and obvious typo-domains and redirect them to your website. Additionally, register other country extensions, relevant top-level domains, alternate spellings, and variants with and without hyphens. Once registered, these misspelled domains can easily be rerouted to the actual website using redirects.

Use ICANN’s monitoring service

ICANN (the Internet Corporation for Assigned Names and Numbers) provides the Trademark Clearinghouse service. Website owners can use this service to monitor how their names are being used across different domains. This service is available to both nationally and internationally registered brands.

Use SSL certificates to signal trust

SSL certificates are an excellent way to indicate that your website is legitimate. They inform the end-user about who they are connected with and protect user data during transfer. A missing SSL certificate can be a sign that you have been redirected to an alternative website.

Notify stakeholders

If you believe someone is impersonating (or preparing to impersonate) your organization, inform your customers, staff, and other relevant parties to be on the lookout for suspicious emails or phishing websites.

Get suspicious websites or mail servers taken down

The process for getting a website taken down varies by jurisdiction, but a good starting point is ICANN’s Uniform Domain Name Dispute Resolution Policy. This policy outlines the procedure for trademark holders to raise complaints and have disputed sites taken down.

Legislation and preventive measures

While legislation in the US and other jurisdictions can help protect websites from typosquatters, taking legal action can be costly in terms of time and energy. It is highly recommended to take preventative measures to ensure that your site does not become a target of typosquatting attacks. As with most forms of cyberattacks, the key to preventing typosquatting is constant vigilance. Your website visitors rely on you to identify and shut down any scam sites operating under your name—if you don’t, you could lose their trust.

FAQ’s

What is typosquatting?

Typosquatting is a type of cybercrime where hackers register domains with intentionally misspelled names of popular websites to deceive visitors into accessing these sites, usually for malicious purposes. Visitors may reach these sites by accidentally mistyping a URL or being directed there through phishing attacks.

How does typosquatting work?

Cybercriminals purchase and register domain names that are misspellings of popular websites. These domains become dangerous when real users visit them, either due to mistyping or being lured by phishing scams. The fake sites often mimic the real ones, tricking users into providing sensitive information such as login credentials or financial details.

How have celebrities been affected by typosquatting?

Celebrities like Madonna, Paris Hilton, and Jennifer Lopez have had websites set up using variations of their names. These sites hosted pornographic content, ads, or affiliate links to deceive fans.

How did typosquatting affect the 2020 US presidential election?

In the run-up to the 2020 US presidential election, several candidates had typosquatting domains registered in their names by criminals with various malicious intentions.

Why is constant vigilance important for preventing typosquatting?

Preventing typosquatting requires constant vigilance. Website visitors rely on organizations to identify and shut down scam sites. Failure to do so can result in loss of trust and potential damage to the organization’s reputation.

מַסְקָנָה

Typosquatting is a serious threat in the digital world, exploiting common mistakes to deceive users and compromise their data. Both individuals and organizations must stay vigilant, avoiding suspicious links and taking proactive steps to protect against these attacks. By registering typo domains, utilizing monitoring services, and employing SSL certificates, we can collectively mitigate the risks of typosquatting and safeguard the online ecosystem.

גלילה למעלה