Are you prone to fat-fingering when typing? While typing an "e" instead of an "a" or forgetting a hyphen when typing the address of your favorite websites is seemingly innocuous, it may make you a victim of a vicious practice known as typosquatting.

Typosquatting happens when a cybercriminal buys and registers a misspelled domain name of a popular website. The purpose of typosquatting is to target internet users who make typing mistakes when searching for websites.

But how does typosquatting work, and what are its different types? What do criminals get out of typosquatting, and are there ways to protect ourselves against it?

How Does Typosquatting Work?

When cybercriminals buy and register domain names that are "misspelled" copies of legit websites, they might add an extra vowel or replace a character, such as "goggle.com" instead of "google.com." Once a user mistypes a URL, they are directed to those fraudulent websites instead of the real ones.

If the users are unaware that they have landed on a fake website, they might end up divulging personal information and even start shopping for items unknowingly.

Types of Typosquatting

The earliest examples date back to 2006 when Google became a victim of typosquatting by a phishing website registered as "goggle.com." Try typing "foogle.com" or "hoogle.com," and you will most likely stumble upon fake websites trying to lure you into buying their products or giving out personal information. As you can imagine, this can be a huge security concern for popular websites that regularly attract a large volume of traffic.

Here are the various types of typosquatting tactics that cybercriminals can use:

Typos: Mistyped addresses of well-known and popular websites such as "faacebook.com." Notice the extra "a."

Incorrect Spellings: Typosquatters take advantage of the fact that most internet users are not spelling bees. Anytime you make a spelling mistake while typing a URL in the address bar, you may end up stumbling upon a fake website instead.

Alternate Spellings: Innocent users may be misled by the alternate spelling of famous brand names or products. For example, "getphotos.com" vs. "getfotos.com."

Adding "www" to the URL: Typosquatters may pretend to be "wwwgoogle.com" instead of "www.google.com."

Wrong Domain Extension: Changing the extension of a site, for example, entering ".com" in place of ".org."

Combosquatting: Typosquatters add or remove a hyphen in a domain's name to fraudulently direct traffic to a mistyped domain. For example, "face-book.com" instead of "facebook.com."

Including an Additional Dot: Adding or removing a period in the middle of a domain is another method of typosquatting deceit. So, instead of "fandango.com," it could be "fan.dango.com."

Similar Domains: These web addresses are copycats of their official versions, but a central dot is absent.

Reasons Why Cybercriminals Use Typosquatting

Typosquatting incidents have spiked so much in the past that it has pushed prominent companies like Google, Apple, Facebook, and Microsoft to take some extra measures. These companies are now either registering typographical error variations of their domains or blocking off potential typosquatting domains through The Internet Corporation for Assigned Names and Numbers (ICANN) service.

Here are some popular reasons and motivations behind typosquatting:

Creating Malicious Websites: Some cybercriminals use typosquatting to develop malicious websites that install malware or ransomware (such as WannaCry), phish for personal information, or steal credit card data.

Bait and Switch: Typosquatters create fake websites to sell items that users are supposed to purchase at the correct URL. While they get the payment info from the users, no items are sent out to them.

Imitators: Some typosquatters use scam websites to conduct phishing attacks on their victims.

Domain Parking: Sometimes, the typosquatted domain owner may attempt to sell the domain to the victim at an unreasonable price.

Joke Site: Some typosquatters create a website to make fun of the mimicked trademark or brand name.

Search Results Listing: A typosquatter may direct traffic meant for the real site to its competitors, charging them on a pay-per-click basis.

Surveys and Giveaways: The fake website provides visitors with a feedback form or a survey aimed at stealing sensitive information.

Generate Revenue: Fake website owners may put up advertisements or popups to generate advertising revenue from unaware visitors.

Affiliate Links: The fake site may redirect traffic back to the brand through affiliate links to earn a commission from all purchases via the brand's legitimate affiliate program.

Ways to Protect Against Typosquatting

While fishing for typosquatted websites is no easy feat, there are a few ways by which organizations and individuals can protect themselves against typosquatting attempts:

Trademark Your Website Domain

The best defense against typosquatters is to register and trademark your website. A registered trademark allows you to file a Uniform Rapid Suspension (URS) lawsuit with the World Intellectual Property Organization. This can also help you take down the website you believe intends to lure consumers away from your page to a typosquatting site.

You can also register several variations of your site's spelling, such as singular, plural, and hyphenated variants, together with various extensions such as .org, .com, and .net.

Use Open Source Tools

An open-source tool like dnstwist can automatically scan your website domain to determine if there's already a typosquatting attack in progress or waiting to happen. You can use dnstwist through a series of shell commands on Linux systems, but if you're in a hurry, you can try it in your web browser by heading over to dnstwist.it.
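The sketch below is an added example, not dnstwist's code or API: it builds lookalikes of a protected domain using the typosquatting types listed earlier (typos, hyphens, extra dots, "www" without the dot, wrong extension) and flags matching hostnames from a constructed sample of observed traffic. The function names, labels, and sample hostnames are assumptions made for illustration, and it assumes a simple name.tld domain.

```python
import string

TLDS = ("com", "org", "net")  # the extensions the article names

def variants(domain):
    """Map each lookalike of `domain` to the technique that produces it.
    Assumes a simple name.tld domain (hypothetical helper, not dnstwist's API)."""
    domain = domain.lower()
    name, _, tld = domain.rpartition(".")
    table = {}

    def add(candidate, technique):
        if candidate != domain:
            table.setdefault(candidate, technique)  # first label wins

    for i, ch in enumerate(name):
        add(f"{name[:i]}{ch}{name[i:]}.{tld}", "typo: repeated character")
        if len(name) > 1:
            add(f"{name[:i]}{name[i + 1:]}.{tld}", "typo: omitted character")
        for sub in string.ascii_lowercase:
            add(f"{name[:i]}{sub}{name[i + 1:]}.{tld}", "typo: replaced character")
    for i in range(1, len(name)):
        add(f"{name[:i]}-{name[i:]}.{tld}", "hyphen added")
        add(f"{name[:i]}.{name[i:]}.{tld}", "dot added")
    if "-" in name:
        add(f"{name.replace('-', '')}.{tld}", "hyphen removed")
    add(f"www{name}.{tld}", "missing dot after www")
    for other in TLDS:
        add(f"{name}.{other}", "wrong domain extension")
    return table

def flag_lookalikes(protected, observed):
    """Return (hostname, technique) for each observed host that imitates `protected`."""
    table = variants(protected)
    hits = []
    for host in observed:
        host = host.strip().lower().rstrip(".")  # normalise case and trailing dot
        if host.startswith("www."):
            host = host[4:]
        if host in table:
            hits.append((host, table[host]))
    return hits

# Constructed sample, e.g. hostnames pulled from proxy or DNS logs.
SAMPLE_OBSERVED = ["www.google.com", "goggle.com", "wwwgoogle.com",
                   "google.org", "goo-gle.com", "example.net", "GOOGLE.COM."]

if __name__ == "__main__":
    for host, technique in flag_lookalikes("google.com", SAMPLE_OBSERVED):
        print(f"{host:16} {technique}")
```

A match only means the hostname is a lookalike worth reviewing; some lookalikes belong to unrelated legitimate sites or to the brand itself.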

Monitor Site Traffic Closely

Keeping a close eye on your site traffic is also an effective way of spotting a typosquatting attack. You can also set up an alert for any time there's a sudden decrease in visitors from a specific region. This could indicate that your users are being redirected to a fake website.

Host Your Domain With the Right ISP

Some ISPs offer typosquatting protection as part of their product offering. So, it's a good idea to host your domain with such ISPs. Not only does this provide an extra layer of web filtering, but you also get alerted anytime a user mistypes a URL and is redirected to a proper domain.

Find Potentially Spoofed Domains

Several third-party vendors offer services to find potentially spoofed domains. The World Intellectual Property Organization (WIPO) has a Uniform Domain-Name Dispute-Resolution Policy (UDRP) that allows trademark holders to file complaints against typosquatters and regain the domain.

Use Anti-Spoofing and Secure Email Technology

To mitigate typosquatting attacks, you should also invest in anti-spoofing and secure email technology that can identify potential typosquatting domains and malware.

User Training and Awareness

Awareness is the key when trying to defeat typosquatting domains. Enlighten yourself and your staff to stay vigilant against these scam techniques. You can start by telling them to avoid directly navigating to websites. Instead of typing a website address every time in their browser, they can use a search engine or voice command and bookmark sites instead.

Be Proactive and Mitigate Typosquatting

As humans, we are prone to making mistakes, and typing is no exception. Typosquatting is a type of social engineering attack that relies on the psychological manipulation of individuals and their weaknesses.

Sure, we cannot prevent typosquatters from creating fake websites or buying all the domains that fall under those criteria. However, we can still decrease these incidents by being extra vigilant and proactive and by learning how this crime spreads.