Typosquatting

Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).

The typosquatter's URL will usually be one of five kinds, all ''similar to'' the victim site address:

*A common misspelling, or foreign language spelling, of the intended site
*A misspelling based on a typographical error
*A plural of a singular domain name
*A different top-level domain: (i.e. .com instead of .org)
*An abuse of the Country Code Top-Level Domain (ccTLD) (.cm, .co, or .om instead of .com)

Similar abuses:

*Combosquatting - no misspelling, but appending an arbitrary word that appears legitimate, but that anyone could register.
*Doppelganger domain - omitting a period or inserting an extra period
*Appending terms such as ''sucks'' or -' to a domain name

Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts, or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.

Magniber ransomware are being distributed in a typosquatting method that exploits typos made when entering domains, targeting mainly Chrome and Edge users.

Motivation

There are several different reasons for typosquatters buying a typo domain:
*In order to try to sell the typo domain back to the brand owner
*To monetize the domain through advertising revenues from direct navigation misspellings of the intended domain
*To redirect the typo-traffic to a competitor
*To redirect the typo-traffic back to the brand itself, but through an affiliate link, thus earning commissions from the brand owner's affiliate program.
*As a phishing scheme to mimic the brand's site, while intercepting passwords which the visitor enters unsuspectingly
*To install drive-by malware or revenue generating adware onto the visitors' devices
*To harvest misaddressed e-mail messages mistakenly sent to the typo domain
*To express an opinion that is different from the intended website's opinion
*By legitimate site owners: to block malevolent use of the typo domain by others
*To annoy users of the intended site

Examples

Many companies, including Verizon, Lufthansa, and Lego, have gained reputations for aggressively chasing down typosquatted names. Lego, for example, has spent roughly US$500,000 on taking 309 cases through UDRP proceedings.

Celebrities have also frequently pursued their domain names. Prominent examples include basketball player Dirk Nowitzki's UDRP of DirkSwish.com and actress Eva Longoria's UDRP of EvaLongoria.org.

Goggle, a typosquatted version of Google, was the subject of a mid-2000s web safety promotion by McAfee, which depicted the significant amounts of malware installed through drive-by downloads upon accessing the site at the time. Later the URL redirected to google.com; a 2018 check revealed it to redirect users to adware pages, and a 2020 attempt to access the site through a private DNS resolver hosted by AdGuard resulted in the page being identified as malware and blocked for the user's security. By mid-2022, it had been turned into a political blog.

Another example of corporate typosquatting is ''yuube.com'', targeting YouTube users by programming that URL to redirect to a malicious website or page that asks users to add a malware "security check extension". Similarly, ''www.airfrance.com'' has been typosquatted by ''www.arifrance.com'', diverting users to a website peddling discount travel (although it now redirects to a warning from AirFrance about malware). Other examples are ''Equifacks.com'' (Equifax.com), ''Experianne.com'' (Experian.com), and ''TramsOnion.com'' (TransUnion.com); these three typosquatted sites were registered by comedian John Oliver for his show ''Last Week Tonight''. Over 550 typosquats related to the 2020 U.S. presidential election were detected in 2019.

In United States law

In the United States, the 1999 Anticybersquatting Consumer Protection Act (ACPA) contains a clause (Section 3(a), amending 15 USC 1117 to include sub-section (d)(2)(B)(ii)) aimed at combatting typosquatting.

On April 17, 2006, evangelist Jerry Falwell failed to get the U.S. Supreme Court to review a decision allowing Christopher Lamparello to use www.fallwell.com. Relying on a plausible misspelling of Falwell's name, Lamparello's gripe site presents misdirected visitors with scriptural references that are intended to counter the fundamentalist preacher's scathing rebukes against homosexuality. In '' Lamparello v. Falwell'', the high court let stand a 2005 Fourth Circuit opinion that "the use of a mark in a domain name for a gripe site criticizing the markholder does not constitute cybersquatting."

WIPO resolution procedure

Under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), trademark holders can file a case at the World Intellectual Property Organization (WIPO) against typosquatters (as with cybersquatters in general). The complainant has to show that the registered domain name is identical or confusingly similar to their trademark, that the registrant has no legitimate interest in the domain name, and that the domain name is being used in bad faith.

See also

*
* (DNS)
*
*
* (for similar attacks on vanity toll-free telephone number phonewords)
*
*
*

References

External links

*Jim Giles
Typos may earn Google $500m a year
New Scientist, 17 February 2010 (reporting research by Ben Edelman and Tyler Moore
Measuring Typosquatting Perpetrators and Funders

*
*
*
* Nation Squid
How One Typo Destroyed Thousands of Computers

{{Domain parking

Cybercrime
Network addressing
Nonstandard spelling
Trademark law
URL