What Is Typosquatting? How to Prevent URL Hijacking
Understanding your brand’s vulnerability and strategies to manage typosquatting threats
Typosquatting, also known as URL hijacking, is a type of cybersquatting tactic that targets a company’s website visitors. As part of your complete brand protection strategy, you should know how to best manage typosquatting threats. Before we dive into those tips, let’s first consider how typosquatting works.
What Is Typosquatting?
Typosquatting is when a cybercriminal registers a domain that includes a typo or alternative spelling of your company’s actual domain. By disguising (e.g. typing “ri” to replace an “n”), omitting, and mixing up letters, the typos establish a new domain, hijacking traffic that was meant for the intended website. These domains often lead to misleading or even virus-infected websites, which may be used to steal a visitor’s personally identifiable information (PII).
How Does Typosquatting Work?
Typosquatting generally follows a straightforward process:
- A cybercriminal secures and registers a domain similar to another company’s domain. This spoofed domain could be a well-known misspelling or typo.
- The cybercriminal designs the website for that domain to resemble the original company’s site.
- Real users who inadvertently type in the wrong URL or click on a link are unwittingly directed to the fraudulent website.
- The user navigates through the website, unaware they have “logged in” to a nefarious website and are divulging information they would have otherwise protected.
There are several tactics a cybercriminal may employ to gather URLs. These include:
- Typos: It’s common for a user to accidentally mistype a domain (e.g. “tiwtter.com” instead of “twitter.com”) or simply not know how to spell a brand name, such as Louis Vuitton.
- Alternative Spellings: Different English-speaking countries, and even different regions within those countries, have alternative spellings of certain words—colors vs. colours, grey/gray, pediatric/paediatric, et al.
- Hyphenated Domains: Cybercriminals will also add hyphens between words within a domain (e.g., onepeloton.com vs. one-peloton.com) in an attempt to maintain the same spelling and perceived credibility.
- Alternative Domain Extensions: A simple swap of “.net” for “.com” allows many false websites to go undetected.
- False “www” Tags: Most hijacked URLs won’t be able to maintain a “www” tag, but they can pretend they have one. You may see some websites with “www” thrown on at the beginning of the domain name, like “wwwfacebook.com.”
6 Dangers of Typosquatting
Once users have navigated to a fraudulent website, what’s at risk? What are cybercriminals trying to do? Here are six potential attacks that can come from typosquatting efforts.
1. Bait and Switch: The fake website attempts to sell the user something they want to purchase from the real company site. After entering the required credit card information, the user is charged for the product but never receives it. Alternatively, the goods the buyer receives are counterfeit.
2. Related Search Results: Instead of replicating the real website’s catalog, it shows the inventory of a competing business. This pulls traffic away from the intended target.
3. Surveys/Giveaways: The fake website will post a seemingly well-intentioned survey, only to steal personal information in the process.
4. Malware Installation: Once the user has navigated to an infected website, it will attempt to install malware on the user’s computer using fake download buttons or malicious pop-ups.
5. Domain Parking: The owner of the typoed domain may sell it back to the original company for a much higher price than they paid for it.
6. Phishing: Finally, if the fake website closely resembles the original, they may try to steal the user’s login credentials and any other personal information made available.
Are Typosquatting and Cybersquatting the Same Thing?
Typosquatting and cybersquatting are related, but there are a few key differences. Cybersquatting involves buying domains that resemble existing and established businesses that do not yet have websites. Those who purchase the domains can then sell them to businesses at a profit.
This isn’t exclusive to domain names—usernames on social media platforms, like TikTok or Instagram, can also be cybersquatted. Cybersquatting aims to earn quick cash, while typosquatting tends to focus more on stealing sensitive information.
How to Protect Yourself Against Typosquatting
There are seven strategies that you should employ to prevent typosquatting from becoming a concern for your company.
1. Trademark Your Domain
Trademarking your domain name ensures you can take legal action against those who purposefully try to emulate your domain. This action is available because of the passage of the Anticybersquatting Consumer Protection Act, which helps protect web surfers from harmful sites.
Keep in mind that the laws surrounding trademarked domains can get a little convoluted. For example, typosquatted websites that are not meant to make money and are only used to convey a negative opinion of your business (sometimes referred to as “gripe sites”) often have protection under rights guaranteed in the First Amendment.
You’ll also want to ensure your domain qualifies for registration as a trademark. If a domain includes generic words, like “clothing,” “marketing,” or any other word that doesn’t distinguish the company or product, it may not be eligible for a trademark.
2. Monitor for Impersonation Sites
Business owners simply don’t have time to investigate every URL available for typosquatting. Automating typosquatting surveillance provides an alert when a similar domain name becomes operational, giving you the time you need to take immediate action to prevent customers from getting defrauded.
Constella Intelligence’s Dome Brand Protection can alert you and your employees to potential typosquatting threats, as well as the leak of any vital personal information from similar attacks. Request a demo to see how this protection can prevent security risks in your business.
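A minimal sketch of the automated check this section describes, labelling each newly observed domain with the tactic from the list earlier in the article that it matches. This is an added example, not Constella's code; the brand `examplebrand.com`, the feed, and every look-alike pair except “ri” for “n” are constructed assumptions, and alternative spellings are not covered because they need a word list.

```python
# Added example, not vendor code. Assumes "label.tld" domains (no .co.uk-style suffixes).
# "ri" -> "n" is the page's look-alike example; the other pairs are assumptions.
LOOKALIKES = {"ri": "n", "rn": "m", "vv": "w", "0": "o", "1": "l"}

def fold(label):
    """Collapse look-alike sequences so visually similar labels compare equal."""
    for seq, char in LOOKALIKES.items():
        label = label.replace(seq, char)
    return label

def within_one_edit(a, b):
    """True if one insertion, deletion, substitution or adjacent swap turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        swapped = a[:i] + a[i + 1:i + 2] + a[i:i + 1] + a[i + 2:]
        return a[i + 1:] == b[i + 1:] or swapped == b
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[:i] + longer[i + 1:] == shorter

def classify(candidate, brand):
    """Return the tactic a candidate domain uses against brand, or None."""
    c_label, _, c_tld = candidate.lower().strip(".").partition(".")
    b_label, _, b_tld = brand.lower().strip(".").partition(".")
    if c_label == b_label:
        return None if c_tld == b_tld else "alternative-extension"
    if c_label == "www" + b_label:
        return "false-www"
    if c_label.replace("-", "") == b_label.replace("-", ""):
        return "hyphenated"
    if fold(c_label) == fold(b_label):
        return "look-alike"
    return "typo" if within_one_edit(c_label, b_label) else None

def scan(observed, brand):
    """Map each suspicious domain in a feed to the tactic it matches."""
    return {d: t for d in observed if (t := classify(d, brand))}

# Constructed feed of newly observed domains for a hypothetical brand.
FEED = ["examplebrand.com", "examplebrand.net", "wwwexamplebrand.com",
        "example-brand.com", "exampiebrand.com", "exarnplebrand.com",
        "exmaplebrand.com", "unrelated-shop.com"]

if __name__ == "__main__":
    for domain, tactic in scan(FEED, "examplebrand.com").items():
        print(f"{domain}: {tactic}")
```
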
3. Register Alternative (Typoed) Versions of Your Domain
Beat typosquatters to the punch. Many big businesses do this—Amazon has registered “ammazon.com” which redirects visitors from the typo site to the correct site. When you secure potential typoed domains, you can ensure that customers are forwarded to the intended website, reducing their risk of being scammed.
However, every additional domain registration requires more money out of your pocket, and generally, it will be practically impossible to keep up with the hundreds of potential misspellings and mistyped versions of your domain name.
4. Utilize HTTP(S)
HTTP and HTTPS are both SSL certificates that signify the authenticity and security of a website. Obtaining an SSL certificate can signal to customers that your website is authentic. Most typosquatters won’t bother trying to get an SSL certificate for their fake website, so the lack of a security tag can alert customers to leave a typosquatted site.
5. Monitor Your Traffic
If you see a suspicious dip in traffic to your website, it could be an indication that you’ve been a victim of a typosquatter. You should always monitor your site traffic closely—unexplained decreases for a specific landing page may be a result of typosquatting.
6. Train Your Staff and Customers
When conducting cybersecurity training with your staff, raise awareness of best practices to avoid typosquatting. If this is a known issue for your brand, you might also direct your customers to type the company name into a search engine rather than directly into the URL bar to avoid navigating to the wrong site by mistake.
7. Remove False Websites Immediately
When your cybersecurity system alerts you to potential typosquatters, assess the risk and take action. This may include requesting the removal of a typosquatted website. If you’ve registered your domain name, approval to remove the site can happen relatively quickly.
Protect Your Brand Identity Today
The threat of typosquatting and other forms of hacking is always present. It’s important to stay updated to protect your company and employees. Stay connected to the world of cybersecurity, get exclusive updates, breaches, and the latest news by subscribing to our newsletter.