Basics of Typosquatting and URL Hijacking
Typosquatting (also known as URL hijacking or spoofing) is a form of cybersquatting in which an individual sets up a website that incorporates one of several typographical errors typically made when Internet users type the address of a website. Typosquatters most often take advantage of four common typos:
1. A common misspelling or foreign language spelling;
2. A misspelling based on typographical errors, such as missing a letter;
3. A slightly different phrase, such as adding an “s” to a word; and
4. A different top-level domain, such as “.org” instead of “.com.”
Typosquatters then use those bugs for their own benefit, often for personal gain. Some common misuses of domain names include: trying to sell the domain name to the original owner of the trademark; pass off the website as part of the brand entity; earn money from pay-per-click revenue; redirect a competitor; and engage in malicious activities (intercept passwords, install malware, etc.).
A 2011 study found that 80% of all misspelled domains led to websites that were somehow associated with malicious intent by the typosquatter. The study, conducted by Sophos, looked at six domain names: Facebook, Google, Twitter, Microsoft, Apple and Sophos. The study then looked at websites that made three simple typos: missing a letter; misspell a letter; and adding a letter.
According to the study, Sophos found that the most frequently used misspelled domain names were associated with companies that were high profile and had frequently visited websites. The study found that the percentage of active domains with the most common misspelled domain names were as follows:
apple 86%
Google 83%
Facebook 81%
Twitter 74%
Microsoft 61%
sixteen%
The study found that the highest proportion of misspelled domain names (15%) led Internet users to advertising sites. Another 12% of the websites were related to IT and hosting websites. 2.7% of websites were considered cybercrime, meaning they were at some point associated with hacking, phishing, online fraud, or spam. Another 2.4% of the websites had adult content or were dating sites.
Sophos also found that the impersonated company had an impact on the type of activity on the typosquatter website. Apple, for example, had a higher percentage of bait-and-switch attempts with iTunes. A company used a couple of domain names that appeared to offer iTunes software downloads, but instead enticed consumers to pay $0.99 for “unlimited downloads”—really, file download-related technical help forums. audio and video.
By contrast, Google was the most abused brand, with third parties providing search pages and presenting sponsored links as part of search results.
Businesses are taking typosquatters seriously and fighting back, both through administrative procedures and the legal system. Some companies, such as Lego, use the Uniform Domain Name Dispute Resolution Policy (UDRP) procedures to file cases with the World Intellectual Property Organization (WIPO) against typosquatters. In fact, by 2011, Lego had spent approximately $500,000 in various UDRP proceedings against 309 typosquatters.
Facebook, on the other hand, sought protection in the California court system. As a result of its lawsuit, in 2013, Facebook was awarded nearly $2.8 million in damages against various typosquatters who had registered 105 domains, including gazebook.com, gfacebook.com, and faacebok.com. In addition, the criminals had to hand over the domain names to Facebook.
Typosquatting is potentially a simple way to profit from Internet users who misspell a domain name. Such practices are likely to continue unless companies take proactive steps to quickly monitor and shut down typosquatters through administrative and legal procedures. More information on preventing typos can be found on the company’s domain name litigation services page.