Typosquatting is the registration of domain names that resemble the website addresses of celebrities, companies, services, etc. but contain typos, in order to steal traffic from them, for example, to make money from advertising. If a user mistypes the URL in the address bar, they end up on the typosquatters’ page instead of the intended site.
Typosquatting is essentially a form of cybersquatting — the use of domain names associated with a company for personal, often malicious purposes.
Common typos in domain names
To attract as much traffic as possible to their site, typosquatters register domain names containing typos that users typically make when entering the address in a browser:
- Transposing adjacent letters, for example, exmaple.com instead of example.com;
- Duplicating or omitting a letter;
- Replacing a letter with one next to it on the keyboard;
- Common spelling mistakes;
- Alternative spellings, such as “organisation” instead of “organization”, or vice versa;
- Omitting a dot between domain levels, for example, wwwexample.com instead of www.example.com;
- Errors in the top-level domain (for example, a country-code domain instead of .com).
Typosquatters usually register several addresses at once, similar to those of the target site or sites, so as to ensnare as many mistyping users as possible.
Typosquatters register misspelled domains with various goals in mind, including:
- Hijacking competitors’ traffic;
- Harming the victim organization’s reputation;
- Monetizing others’ traffic through placing ads or affiliate links;
- Selling counterfeit products or running scams disguised as sales;
- Domain selling, including to the victim organization;
- Fraud by means of fake surveys, lotteries, competitions, etc.;
- Malware distribution.
Protection against typosquatting
To protect against typosquatters, you can employ their methods against them. Companies can register multiple URLs with the most probable typos for themselves, thereby ensuring that visitors are redirected to the official site. However, registering multiple misspelled URLs can be quite costly.
Companies can also detect and take legal action against duplicate sites. Solutions are available to automate and simplify these tasks. For example, Kaspersky Takedown Service provides customers with end-to-end management to easily take down malicious and phishing websites.
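To make the detection step concrete, the following added example (not part of the original article or of any product it mentions) labels observed domains that are exactly one typo away from a protected domain, using the typo classes listed above. The function names, class labels and sample hostnames are constructed for illustration, keyboard adjacency is limited to same-row QWERTY neighbours, and the last label is naively treated as the top-level domain.

```python
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def _adjacent(a, b):
    """True if a and b sit side by side on the same QWERTY row."""
    return any(abs(r.index(a) - r.index(b)) == 1 for r in QWERTY_ROWS if a in r and b in r)

def _split(domain):
    """Naive split: everything before the last dot is the name, the rest is the TLD."""
    name, _, tld = domain.rpartition(".")
    return name, tld

def classify_typo(candidate, legit):
    """Return the single-typo class that turns `legit` into `candidate`, else None."""
    b, tld_b = _split(candidate.lower().rstrip("."))
    a, tld_a = _split(legit.lower().rstrip("."))
    if a == b:
        return "tld-swap" if tld_a != tld_b else None
    if tld_a != tld_b:
        return None  # name and TLD both differ: more than one typo, out of scope
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            return "adjacent-key" if _adjacent(a[diff[0]], b[diff[0]]) else "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]]):
            return "transposition"
    elif len(b) == len(a) + 1:  # candidate has one extra character
        for i in range(len(b)):
            if b[:i] + b[i + 1:] == a:
                doubled = b[i] in (b[i - 1:i] + b[i + 1:i + 2])
                return "duplication" if doubled else "insertion"
    elif len(b) == len(a) - 1:  # candidate lacks one character
        for i in range(len(a)):
            if a[:i] + a[i + 1:] == b:
                return "missing-dot" if a[i] == "." else "omission"
    return None

def flag_lookalikes(observed, legit):
    """Map each observed domain that is one typo away from `legit` to its class."""
    return {d: t for d in observed if (t := classify_typo(d, legit))}

# Constructed sample, standing in for a newly-registered-domain feed or proxy log.
SAMPLE = ["exmaple.com", "exxample.com", "exmple.com", "exanple.com",
          "example.net", "example.com", "unrelated.org"]

if __name__ == "__main__":
    for domain, kind in flag_lookalikes(SAMPLE, "example.com").items():
        print(f"{domain:15} {kind}")
```

Alternative spellings such as “organisation” versus “organization” come out as a plain substitution, because “s” and “z” are not on the same keyboard row.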