Typosquatting is a form of computer crime in which attackers deliberately register domain names that resemble well-known websites but contain small typos. It is therefore a sub-category of domain spoofing and is also related to so-called homoglyph attacks. The aim is to lure Internet users who mistype a web address to the fake website. Typosquatting is also known as URL hijacking, domain mimicry or URL spoofing.
Typosquatting examples
Some examples of what typosquatting can look like:
- Omitted letters: outloo.de
- Spelling mistakes and typos: netflicks.com
- Swapped letters: faecbook.de
- Short name additions: facebooksocial.com
- Alternative endings (top-level domains): paypal.co
- Omitted or inserted hyphens: you-tube.com
- Subdomain squatting: A popular domain name is added as a subdomain to a less popular domain. For example, a typosquatter might register ‘www.google.superfake.com’.
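The categories above can be checked mechanically, for example against hostnames seen in mail links or proxy logs. The following Python code is an added example, not part of the original article; the function names, the 0.7 similarity threshold and the single-label TLD handling are assumptions.

```python
from difflib import SequenceMatcher

def split_host(host):
    """Return (subdomain labels, registered name, TLD).
    Assumption: single-label TLD; suffixes like co.uk need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("expected at least name.tld")
    return labels[:-2], labels[-2], labels[-1]

def single_edit(name, brand):
    """Detect a one-letter omission or an adjacent-letter swap relative to the brand."""
    if len(name) + 1 == len(brand):
        if any(brand[:i] + brand[i + 1:] == name for i in range(len(brand))):
            return "omitted letter"
    if len(name) == len(brand):
        diff = [i for i in range(len(brand)) if name[i] != brand[i]]
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and name[diff[0]] == brand[diff[1]] and name[diff[1]] == brand[diff[0]]):
            return "swapped letters"
    return None

def classify(host, protected, threshold=0.7):
    """Label host with the typosquatting category it matches for the protected domain."""
    sub, name, tld = split_host(host)
    _, brand, brand_tld = split_host(protected)
    if name == brand:
        return "legitimate" if tld == brand_tld else "alternative TLD"
    if brand in sub:
        return "subdomain squatting"
    if name.replace("-", "") == brand.replace("-", ""):
        return "hyphen variation"
    kind = single_edit(name, brand)
    if kind:
        return kind
    if brand in name:
        return "name addition"
    # Fallback for phonetic misspellings; the 0.7 threshold is an assumed tuning value.
    if SequenceMatcher(None, name, brand).ratio() >= threshold:
        return "spelling mistake"
    return "unrelated"

# Observed host -> protected domain; the lookalikes are the examples listed above.
SAMPLES = [("outloo.de", "outlook.de"), ("netflicks.com", "netflix.com"),
           ("faecbook.de", "facebook.de"), ("facebooksocial.com", "facebook.com"),
           ("paypal.co", "paypal.com"), ("you-tube.com", "youtube.com"),
           ("www.google.superfake.com", "google.com")]
for observed, real in SAMPLES:
    print(f"{observed:28} {classify(observed, real)}")
```
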
What are the objectives of typosquatters?
Basically, criminals who practise typosquatting want to earn money. To achieve this, they deceive users. There are numerous ways of profiting from this deception:
Phishing and identity theft
One of the main goals of typosquatting is to trick users into entering personal information such as usernames, passwords, credit card numbers or other sensitive data on a fake website. This information can then be misused for identity theft or other criminal offences.
Distribution of malware
Attackers can use fake domains to spread malware. When a user visits the fake website, it can automatically download malware such as viruses, trojans or ransomware that infects the user’s computer.
Generating advertising revenue
In some cases, typosquatting can be used to generate advertising revenue. The fake websites can be flooded with adverts that generate revenue per click or per impression for the attackers. The basis of this model is the high number of users who accidentally end up on the wrong domain.
Gaining a competitive advantage
Sometimes competitors can use typosquatting to redirect visitors from a popular website to their own. In this way, they can intercept potential customers before they reach the actual target page.
Domain hijacking
In some cases, attackers register typosquatted domains with the intention of later selling them to the company concerned. This can even be a case of extortion, where the company is forced to pay a large sum to acquire the domain and protect its brand. Typosquatting domains can damage a company’s reputation by directing users to sites that are harmful to the company itself.
Manipulating search results
The operator takes traffic intended for the actual website, redirects it to competitors’ sites and gets paid per click.
Political goals
Political aims can also drive typosquatters: for example, there were at least two addresses that were similar to the URL of the US president’s website www.whitehouse.gov but not part of the president’s official information offering: www.whitehouse.com (formerly a political discussion site) and www.whitehouse.org (a satirical site).
The infamous hacking incident in the 2016 US elections was also attributed in part to typosquatting, highlighting its potential as a tool of political manipulation.
Typosquatting, domainsquatting, cybersquatting
Domainsquatting (also known as cybersquatting) is the deliberate registration of domain names that are very similar to names, trademarks or other protected designations. The aim of this practice is usually to later sell the domain to the rightful owner of the trademark or name at a disproportionately high price. In addition to financial goals, the domain squatter may also be interested in damaging the reputation of the person or company concerned (see above).
While typosquatting uses deliberate typos or variations in the domain to deceive users, domain squatting involves correctly spelled but unauthorised domains that contain well-known names or brands.
How can you protect yourself from typosquatting?
As spelling mistakes are not criminally relevant, it is difficult to protect yourself from typosquatting in this respect. Many companies try to register domains that are similar to their own in order to prevent misuse.
In addition, it is almost impossible to take action against typosquatting, as the perpetrators usually have their servers abroad and continue to operate under a new name a short time later, even if they are banned by a court. Theoretically, it is conceivable to take action against the operators of typosquatting sites, or even against the central registry DENIC. Unfortunately, the situation is often opaque and the logistical and financial effort involved in securing numerous domains or taking legal action is too great, especially for smaller companies.
Protection against typosquatting
As already mentioned, the targets of typosquatting and phishing attacks are similar. The countermeasures and protective measures are also partially identical: