
Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking, which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).
The typosquatter's URL will usually be one of five kinds, all ''similar to'' the victim site address:
*A common misspelling, or foreign language spelling, of the intended site
*A misspelling based on a typographical error
*A plural of a singular domain name
*A different top-level domain (e.g. .com instead of .org)
*An abuse of the country code top-level domain (ccTLD) (.cm, .co, or .om instead of .com)
Similar abuses:
*Combosquatting - no misspelling, but appending an arbitrary word that appears legitimate, but that anyone could register.
*Doppelganger domain - omitting a period or inserting an extra period
*Appending terms such as ''sucks'' or -' to a domain name
Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts, or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.
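As an added defensive example (not code from the article or from any project it names), the following Python turns the kinds of look-alike listed above into a watchlist of candidate domains for a protected domain, so they can be monitored or defensively registered, and classifies hostnames, such as those extracted from links in the spam messages just mentioned, against that list. The alternative TLDs, combosquatting words and appended terms are assumptions chosen for the example, not an authoritative set.

```python
"""Typosquat watchlist generator and look-alike classifier (added example)."""
import string

# Assumed lists (not from the article); a real deployment would use fuller ones.
ALT_TLDS = ("org", "net", "info")                     # "different top-level domain"
CCTLD_ABUSE = {"com": ("cm", "co", "om")}              # ccTLD abuse named in the article
COMBO_WORDS = ("login", "secure", "support", "mail")   # combosquatting words (assumed)
APPENDED_TERMS = ("sucks",)                            # appended term named in the article
LETTERS = string.ascii_lowercase + string.digits + "-"


def split_domain(domain):
    """'mail.example.com' -> ('mail.example', 'com'); the label keeps any subdomains."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    return label, tld


def typo_variants(label):
    """All edit-distance-1 spellings: deletion, transposition, substitution, insertion."""
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                                # deletion
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
        for c in LETTERS:
            out.add(label[:i] + c + label[i + 1:])                        # substitution
    for i in range(len(label) + 1):
        for c in LETTERS:
            out.add(label[:i] + c + label[i:])                            # insertion
    out.discard(label)
    # drop empty labels and labels with a leading/trailing hyphen, which DNS forbids
    return {v for v in out if v and not v.startswith("-") and not v.endswith("-")}


def generate_variants(domain):
    """Return {candidate_domain: kind} for every look-alike of the protected domain.

    Later assignments win, so a candidate reachable by several routes keeps the
    more specific kind (e.g. 'examples.com' is 'plural', not 'typo').
    """
    label, tld = split_domain(domain)
    cands = {}
    for v in typo_variants(label):
        cands[f"{v}.{tld}"] = "typo"
    cands[f"{label}s.{tld}"] = "plural"
    for t in ALT_TLDS:
        if t != tld:
            cands[f"{label}.{t}"] = "tld-swap"
    for t in CCTLD_ABUSE.get(tld, ()):
        cands[f"{label}.{t}"] = "cctld-abuse"
    for w in COMBO_WORDS:
        cands[f"{label}-{w}.{tld}"] = "combosquat"
        cands[f"{w}-{label}.{tld}"] = "combosquat"
    for w in APPENDED_TERMS:
        cands[f"{label}{w}.{tld}"] = "appended-term"
    parts = label.split(".")
    for i in range(1, len(parts)):                     # doppelganger: one dot omitted
        merged = parts[:i - 1] + [parts[i - 1] + parts[i]] + parts[i + 1:]
        cands[".".join(merged) + f".{tld}"] = "doppelganger"
    return cands


def classify(observed, protected):
    """Kind of look-alike `observed` is relative to `protected`, or None if unrelated."""
    observed = observed.lower().rstrip(".")
    protected = protected.lower().rstrip(".")
    if observed == protected or observed.endswith("." + protected):
        return None                                    # the domain itself or its own subdomain
    kind = generate_variants(protected).get(observed)
    if kind:
        return kind
    olabel, otld = split_domain(observed)
    plabel, ptld = split_domain(protected)
    if otld != ptld:
        return None
    if olabel.replace(".", "") == plabel.replace(".", ""):
        return "doppelganger"                          # an extra dot inserted somewhere
    if plabel in olabel.replace("-", ".").split("."):
        return "combosquat"                            # brand kept whole, extra word added
    return None


def flag_hostnames(hostnames, protected_domains):
    """Scan hostnames (e.g. from URLs in inbound mail) and return those that look
    like a protected domain, as (hostname, protected, kind) triples."""
    hits = []
    for host in hostnames:
        for prot in protected_domains:
            kind = classify(host, prot)
            if kind:
                hits.append((host, prot, kind))
    return hits


if __name__ == "__main__":
    # Constructed sample hostnames, as might be extracted from links in mail.
    sample = ["exmaple.com", "example.cm", "example-login.com", "mail.example.com",
              "mailexample.com", "examplesucks.com", "unrelated.net"]
    for hit in flag_hostnames(sample, ["example.com", "mail.example.com"]):
        print(hit)
```

Hyphenated combosquats are recognised for any word, but unhyphenated ones (e.g. a brand with a word glued directly to it) are only caught for the listed words; extend COMBO_WORDS from the brand's own product names. The watchlist from generate_variants is also the set to compare against newly registered domain feeds or certificate transparency logs.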
Magniber ransomware is being distributed by a typosquatting method that exploits typos made when entering domains, targeting mainly Chrome and Edge users.
Motivation
There are several different reasons for typosquatters buying a typo domain:
*In order to try to sell the typo domain back to the brand owner
*To monetize the domain through advertising revenues from direct navigation misspellings of the intended domain
*To redirect the typo-traffic to a competitor
*To redirect the typo-traffic back to the brand itself, but through an affiliate link, thus earning commissions from the brand owner's affiliate program.
*As a phishing scheme to mimic the brand's site, while intercepting passwords which the visitor enters unsuspectingly
*To install drive-by malware or revenue generating adware onto the visitors' devices
*To harvest misaddressed e-mail messages mistakenly sent to the typo domain
*To express an opinion that is different from the intended website's opinion
*By legitimate site owners: to block malevolent use of the typo domain by others
*To annoy users of the intended site
Examples
Many companies, including Verizon, Lufthansa, and Lego, have gained reputations for aggressively chasing down typosquatted names. Lego, for example, has spent roughly US$500,000 on taking 309 cases through UDRP proceedings.
Celebrities have also frequently pursued their domain names. Prominent examples include basketball player Dirk Nowitzki's UDRP of DirkSwish.com and actress Eva Longoria's UDRP of EvaLongoria.org.
Goggle, a typosquatted version of Google, was the subject of a mid-2000s web safety promotion by McAfee, which depicted the significant amounts of malware installed through drive-by downloads upon accessing the site at the time. Later the URL redirected to google.com; a 2018 check revealed it to redirect users to adware pages, and a 2020 attempt to access the site through a private DNS resolver hosted by AdGuard resulted in the page being identified as malware and blocked for the user's security. By mid-2022, it had been turned into a political blog.
Another example of corporate typosquatting is ''yuube.com'', targeting YouTube users by programming that URL to redirect to a malicious website or page that asks users to add a malware "security check extension". Similarly, ''www.airfrance.com'' has been typosquatted by ''www.arifrance.com'', diverting users to a website peddling discount travel (although it now redirects to a warning from AirFrance about malware).
Other examples are ''Equifacks.com'' (Equifax.com), ''Experianne.com'' (Experian.com), and ''TramsOnion.com'' (TransUnion.com); these three typosquatted sites were registered by comedian John Oliver for his show ''Last Week Tonight''. Over 550 typosquats related to the 2020 U.S. presidential election were detected in 2019.
In United States law
In the United States, the 1999 Anticybersquatting Consumer Protection Act (ACPA) contains a clause (Section 3(a), amending 15 USC 1117 to include sub-section (d)(2)(B)(ii)) aimed at combating typosquatting.
On April 17, 2006, evangelist Jerry Falwell failed to get the U.S. Supreme Court to review a decision allowing Christopher Lamparello to use www.fallwell.com. Relying on a plausible misspelling of Falwell's name, Lamparello's gripe site presents misdirected visitors with scriptural references that are intended to counter the fundamentalist preacher's scathing rebukes against homosexuality. In ''Lamparello v. Falwell'', the high court let stand a 2005 Fourth Circuit opinion that "the use of a mark in a domain name for a gripe site criticizing the markholder does not constitute cybersquatting."
WIPO resolution procedure
Under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), trademark holders can file a case at the World Intellectual Property Organization (WIPO) against typosquatters (as with cybersquatters in general). The complainant has to show that the registered domain name is identical or confusingly similar to their trademark, that the registrant has no legitimate interest in the domain name, and that the domain name is being used in bad faith.
External links
*Jim Giles, "Typos may earn Google $500m a year", ''New Scientist'', 17 February 2010 (reporting research by Ben Edelman and Tyler Moore, "Measuring Typosquatting Perpetrators and Funders")
*Nation Squid, "How One Typo Destroyed Thousands of Computers"