What is typosquatting?

Typosquatting is the practice of deliberately registering misspelled versions of popular domain names. People will register these domain names to lure visitors to a different website than they intended to go to. These “fake websites” profit off the proximity of their name to a popular website to get more traffic. They often contain malicious content or are used for phishing and scamming purposes.

How does typosquatting work?

Typosquatting works by deliberately registering domain names that are very similar to those of well-known websites, profiting from the proximity to these websites to get people to visit them. A typosquatted site’s URL looks very similar to the “real” domain name. At a glance, you may think you are dealing with the actual website, which makes them easy “traps” for unsuspecting Internet users to fall into. This is how typosquatters manage to mislead people.

Cybercriminals often specifically register typosquatted domains for malicious purposes. People with less digital skills or who are simply not paying much attention are likely candidates to fall for typosquatted attacks, such as accidentally logging into twiter.com or make a payment on amaznn.com. In such cases, they would be leaking sensitive information to third parties of their own accord. Typosquatted domains are also often used in email scams.

Many website owners preventively register domain names that are similar to theirs to prevent falling victim to typosquatting. For example, gogle.com, gooogle.com, and googlr.com are all registered by Google and redirect to google.com.

Types of typosquatting

These are some of the most common types of typosquatting:

• Domains with typos or spelling mistakes: These are mistakes that people are prone to make. For example, many people misspell google.com as googlr.com, because the E and R are right next to each other on the keyboard.

• Domains with alternative spellings: An example of this would be a typosquatted site using the American spelling of a particular word, while the legitimate website uses the British one.

• Domains with the wrong domain extension: An example of this would be a typosquatted site that uses .org, while the legitimate website uses .com.

• Tacking a “www” onto a domain name: An example of this would be wwwgoogle.com.

• Adding or removing a hyphen in a domain name: An example of this would be pay-pal.com.

• Including additional dots: An example of this would be goog.le.com.

• Adding “official-sounding” words to a domain name that can help it project legitimacy: An example of this would be amazon-payments.com.

How to recognize typosquatting?

There are various ways to recognize that you are dealing with a typosquatted site.

• Typos or spelling mistakes: Double-check to see if a URL is spelled correctly to prevent falling victim to typosquatting. The aforementioned gogle.com and googlr.com would have been prime candidates for typosquatting if Google had not preventively registered them. 

• Alternate spellings: Sometimes, words can be spelled in different ways that are both considered valid. For example, watch out for differences between American and British English, such as “color/colour”, “program/programme” and “meter/metre”.

• Unexpected hyphens: Look out for any hyphens that are somewhere they should not be. An example would be the website of fashion giant H&M, which is hm.com. The variation h-m.com leads to a typosquatted site.

• Wrong domain extensions: Don’t just look at the first part of the domain name! One common form of typosquatting involves the registration of an identical domain name with a different extension.

• SSL certificates: Typosquatted domains will rarely have an SSL certificate. You can see whether a website is protected by an SSL certificate if you see a small icon of a lock next to the website URL in the URL bar.

• Signs of email scams: Typosquatting often takes place within the context of email scams, such as phishing scams. This guide on dealing with email scams offers helpful tips on recognizing and protecting yourself against these kinds of scams.

Real-life typosquatting examples

One of the most well-known typosquatted attacks is the one of goggle.com. This was a phishing website that was active in the 2000s. Its URL strikingly resembles the famous search engine, making it a classic example of typosquatting. This case may well be the reason why Google has chosen to preventively register gogle.com, googlr.com, and twelve more variations of the same name.

Another infamous example of typosquatting belongs to the domain of animal rights organization PETA. They initially used the domain www.peta.com for their website. This led to a typosquatter registering www.peta.org and using it for a website about meat, named “People Eating Tasty Animals”. The typosquatted site contained links to other websites promoting meat products and leather goods. This typosquatting case was eventually settled in court, with PETA gaining ownership of the .org domain.

What is cybersquatting?

Cybersquatting is a phenomenon that is closely related to typosquatting. It refers to the practice of registering, trafficking in, or using a domain name, with a bad faith intent to profit from the proximity of a trademark that belongs to someone else.

Compared to typosquatting, cybersquatting is rather an umbrella term, with typosquatting being a particular subtype of cybersquatting. Besides typosquatting, cybersquatting also involves other practices, including the registration of newly expired domain names (dropcatching) in hopes of getting people to pay large sums of money to get their domains back. A closely related is that of domain warehousing, which involves domain registrars purposefully holding on to high-value expired domain names to sell them at an inflated price.

Real-life cybersquatting examples

The Google and PETA typosquatted attacks mentioned earlier on this page could be considered cases of cybersquatting as well as typosquatting. An example of domain warehousing, which falls under the cybersquatting umbrella, is that of registrar GoDaddy. GoDaddy is one of the leading domain registrars, with over eighty million domains under their management. They used to run a subsidiary company called Standard Tactics, LLC (which has since shut down), which they used to “park” all valuable domain names that registrants let expire. They would then sell these domain names at high prices or run auctions on them. 

Dangers of typosquatting 

Typosquatting attacks are a serious threat. Many typosquatted domains lead to websites with malicious content, taking advantage of the common mistakes people make when typing website addresses. Registrants often try to trick people into giving away personal information, like usernames, passwords, and credit card information. 

Another risk associated with typosquatting is the high likelihood of typosquatted domains spreading malware. By pretending to be popular websites, typosquatters can trick you into downloading harmful software or clicking on dangerous links that infect your device with viruses or ransomware.

Typosquatting is also commonly part of email scams. Cybercriminals might send emails or messages containing typosquatted links that look real at first glance. Falling for these tricks usually leads to cybercriminals hacking your account or committing identity theft.

For companies, a large threat of typosquatting is the loss of their good reputation. Being associated with a known scam can lead customers to do business elsewhere. On top of that, some cybercriminals specifically try to target companies with their typosquatting scams, as they know there is a lot for them to gain. Cybercrime, including typosquatting, adds up to trillions of dollars in financial losses for companies every year. This is why it is important for employees to be aware of the signs of typosquatting, and to ignore any emails or links they do not trust - even if they appear to come from a known source.

What can I do against typosquatting as a domain owner? 

As a domain owner, you do not want to fall victim to typosquatting and have scammers take away valuable traffic from your website — let alone use a variation of your domain name for malicious purposes. To prevent typosquatting, one thing you can do as a domain owner is to use a trademark protection service. Examples of these services include DPML, tREX, Uni EPS, and AdultBlock.

Trademark protection services protect your exact, trademarked domain name against typosquatting across different extensions. On top of this, all of these services also offer “plus” packages, which cover IDNs and common spelling variations in addition to the trademarked domain name.

To qualify for any of these protection services, your domain name needs to be a registered trademark with the Trademark Clearinghouse (TMCH). Openprovider offers the possibility to register your trademark with TMCH and apply for any of these protection services. If you want to validate your trademark with the TMCH, this guide will tell you step-by-step how to do this. This article contains more information about the differences between the different protective blocks.

You can also choose to individually register domain names that you are afraid will be vulnerable to typosquatting. However, this means that you have to register and pay for each of these domain names by yourself, year after year. Using a trademark protection service often ends up being cheaper, and takes a lot of work out of your hands. If you do not want to go down that road, this article also gives some legal advice about what you can do in case you end up falling victim to typosquatting.

Another recommended step to take as a domain owner is to use an SSL certificate for your website. Typosquatted domains rarely use SSL certificates. Adding an SSL certificate to your website adds an important layer of trust, which will quickly tell your customers that they are in the correct place.

How to prevent typosquatting?

Preventing typosquatting is something both users and companies can do with a bit of caution and a few steps. For users, it's very important to be careful when typing website addresses and check for mistakes before hitting enter. It is a good idea to use bookmarks for websites you visit often to avoid typos. 

As typosquatting is often a part of email scams, it is important to watch out in your inbox as well. When you get an email that looks suspicious, be sure to double-check any links in the email for common signs of typosquatting, including spelling mistakes, typos, “wrong” domain extensions, tacked-on words, or tacked-on or missing hyphens or dots. If you see a link that you do not trust, do not click on it. Instead, delete the email and report its sender as spam. And, if you did accidentally fall for a case of typosquatting, not all is lost! This guide takes you through the steps of what you should do next to minimize the damage.

To prevent falling victim to typosquatting, companies should make sure that their employees have followed security training, so they know what to do when confronted with fraudulent emails. When it comes to reputation management, using protective blocks to keep people from registering your trademarked name can help catch potential instances of typosquatting and cybersquatting. You can find more information about this under the heading “What can I do against typosquatting as a domain owner?”. 

As a company, you can also take responsibility toward customers by telling them of the dangers of typosquatting. Remind your customers to always double-check website addresses and not click on suspicious links. This also helps put your company on the map as a business that values security.