
What is typosquatting and what can you do against it?

11/10/2022

Did you know that gogle.com, gooogle.com, and googlr.com all redirect to google.com? It is probably rather expensive for the Google headquarters to keep all of these domains up, but what may happen otherwise is much worse than that. If these domain names were up for grabs, they would be prime candidates to fall victim to a phenomenon called typosquatting.

But what exactly is typosquatting? And how can you prevent yourself and your domain name from falling victim to it? This article explains it all to you.

What is typosquatting?

Typosquatting is the practice of purposefully registering misspelled versions of popular domain names. People will register these domain names in order to lure visitors to a different website than they actually intended to go to.

If Google had not registered gogle.com themselves, someone could have registered this domain name for their own website. They could then have profited off the proximity of their name to the popular search engine, in order to get more traffic. 

If gogle.com were a legitimate website in itself, this would not be as bad. But in many cases, hackers and scammers register these kinds of domain names specifically for malicious purposes. People with fewer digital skills, or who are simply not paying much attention, would be likely to log into twiter.com or make a payment on amason.com. In those cases, they would be handing sensitive information to third parties of their own accord. Typosquatted URLs are also often used in email scams.

What are examples of typosquatting?

One of the most well-known cases of typosquatting may be the one of goggle.com. This was a phishing website that was active in the 2000s. Its URL strikingly resembles the famous search engine. This case may well be the reason why Google has chosen to preventively register gogle.com, googlr.com, and 12 more variations of the same name.

Another infamous example involves the domain of animal rights organization PETA. They initially used the domain www.peta.com for their website. This led to a typosquatter registering www.peta.org and using it for a website named “People Eating Tasty Animals”. The typosquatted website contained links to other websites promoting meat products and leather goods. This case was eventually settled in court, with PETA gaining ownership of the .org domain.

How can I recognize typosquatting?

There are various ways in which you can recognize that you are dealing with a typosquatted domain.

  • Typos or spelling mistakes: the aforementioned gogle.com and googlr.com are good examples of this. 
  • Alternative spellings: sometimes, words can be spelled in different ways that are both considered valid. For example, watch out for differences between American and British English, such as “color/colour”, “program/programme” and “meter/metre”.
  • Unexpected hyphens: look out for any hyphens that are somewhere they should not be. An example would be the website of fashion giant H&M, which is hm.com. The variation h-m.com leads to a typosquatted website.
  • Wrong domain extensions: don’t just look at the first part of the domain name! Typosquatters may be using an identical domain name with a different extension, just like what happened in the peta.org case.
  • SSL certificates: typosquatted websites will almost never have an SSL certificate. You can tell that a website is protected by an SSL certificate if a small lock icon appears next to the website URL in the URL bar.
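
The first four signs in the list above can be checked mechanically, for example when reviewing links in a suspicious email or domains seen in your own logs. The following Python sketch is an added example, not part of the original article: the function names and category labels are hypothetical, the spelling table holds only the three word pairs mentioned above, and colourlab.example / colorlab.example is a constructed pair.

```python
# Added example (not from the article): label a lookalike of a protected domain.
SPELLINGS = {"colour": "color", "programme": "program", "metre": "meter"}

def split_domain(domain):
    """'name.tld' -> (name, tld); expects a bare domain without 'www.'."""
    name, _, tld = domain.lower().strip(".").partition(".")
    return name, tld

def normalise(name):
    """Map the British spellings listed in the article to American ones."""
    for british, american in SPELLINGS.items():
        name = name.replace(british, american)
    return name

def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected):
    """Return the sign from the list above that applies, or None."""
    o_name, o_tld = split_domain(observed)
    p_name, p_tld = split_domain(protected)
    if o_name == p_name:
        return "exact" if o_tld == p_tld else "wrong-extension"
    if o_name.replace("-", "") == p_name:
        return "unexpected-hyphen"
    if normalise(o_name) == normalise(p_name):
        return "alternative-spelling"
    if edit_distance(o_name, p_name) == 1:
        return "typo"
    return None

# Domain pairs quoted in the article, plus one constructed spelling pair.
SAMPLES = [("gogle.com", "google.com"), ("googlr.com", "google.com"),
           ("h-m.com", "hm.com"), ("peta.org", "peta.com"),
           ("colourlab.example", "colorlab.example")]

if __name__ == "__main__":
    for observed, protected in SAMPLES:
        print(f"{observed:20} vs {protected:18} -> {classify(observed, protected)}")
```

Very short names such as hm have many unrelated neighbours at distance one, so a "typo" result is a candidate for review rather than a verdict.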

Typosquatting often takes place within the context of email scams. This article on email scams offers helpful tips on recognizing and protecting yourself against these kinds of scams.

What can I do against typosquatting as a domain owner?

As a domain owner, you do not want typosquatters to take away valuable traffic from your website — let alone use a variation of your domain name for malicious purposes. In order to prevent typosquatting, one thing you can do as a domain owner is to use a trademark protection service. Examples of these services include DPML, tREX, Uni EPS, and AdultBlock.

Each of these protection services protects your exact, trademarked domain name against typosquatting across different extensions. On top of this, all of these services also offer “plus” packages, which cover IDNs and common spelling variations in addition to the trademarked domain name.

In order to qualify for any of these protection services, your business name needs to be a registered trademark with the Trademark Clearinghouse (TMCH). Openprovider offers both the option to register your trademark with TMCH and to apply for any of these protection services. If you want to validate your trademark with TMCH, this guide will tell you step-by-step how to do this. This article contains more information about the differences between different protection services.

You can also choose to individually register domain names that you are afraid will be vulnerable to typosquatting. However, this means that you have to register and pay for each of these domain names by yourself, year after year. Using a trademark protection service often ends up being cheaper, and takes a lot of work out of your hands. If you do not want to go down that road, this article also gives some legal advice about what you can do in case someone ends up registering your trademarked domain name.

Another recommended step to take as a domain owner is to use an SSL certificate for your website. Typosquatted websites rarely use SSL certificates. Adding an SSL certificate to your website adds an important layer of trust, which will quickly tell your customers that they are in the correct place.
