đź“Ś Get the latest strategies to protect your revenue in your inbox

How to prevent and protect from typosquatting
Brand Protection
4 mins

How to prevent and protect from typosquatting

Table of Contents:

    We all know how easy it is to mistype a web address. Cybercriminals know this too and take advantage of it by using slightly different variations of well-known domain names to build websites. Known as typosquatting, this phenomenon is posing a growing problem for brand owners as well as consumers. Research is scarce but indicates that more than 20% of all .com domain registrations are typo domains and their number is increasing. 

    In this blog post, we guide you through how typosquatting works and how you can detect and prevent typosquatting to protect your customers and your business.

    • Definition and forms of typosquatting    
    • The difference between typosquatting and URL hijacking
    • How brands and consumers are affected by typosquatting
    • How to use technology to protect your website from typosquatting 

    What is typosquatting?

    Typosquatting is a practice through which a website host registers domain names similar to popular brands that contain misspellings or typographical errors like “amzon.com” instead of “amazon.com”. As web addresses are prone to typos, infringers seek to get an advantage from internet users who are unaware that they are navigating on an untrustworthy website. Typo domains usually lead to web-optimized landing pages and fake websites that generate profits for the hosts or trick users into revealing personal data.  

    Red Points' Domain Protection

    Typosquatting examples

    Typosquatting domains appear in different forms. Here are the most common traps to keep in view in order to prevent typosquatting: 

    • Typographical errors: Mistyped web addresses of well-known brands often happen when quickly typing in web addresses manually into your browser. For example, “googler.com”. 
    • Spelling errors: When a user is guided to a false website, it’s not always the keyboard that is to be blamed. Some domain names are simply wrongly spelled, such as “addidas.com”. 
    • Alternative spelling: Arriving at a typosquatting website doesn’t necessarily mean that you made a grammar or spelling mistake. Sometimes alternative spellings like “colordesign.com” vs. “colourdesign.com” mislead users. 
    • False domain endings: Domain owners can register and choose from numerous top-level domains (TLDs). So can owners of typosquatting sites. Hence, it is common that users to mistake domain extensions and for instance type “.com” instead of “.biz” which leads them to a false website. 
    • Alternating the country code: Changing a country code top-level domain (ccTLD) from “.uk” to “.us” or from “.com” to “.cm” is another easy way for infringers to create a typosquat site.  
    • Hyphenated/supplemented domains: Typosquatters are either omitting or adding a hyphen in domain names to mislead users. A popular brand domain name with a false amendment would be “apple-onlineshop.com” for example.         

    Is URL hijacking the same as typosquatting?

    URL hijacking and typosquatting are risk factors referring to the web address of a business. They both potentially put a brand’s reputation, profits, and overall security in danger but they use different approaches as we will outline here. 

    As pointed out above, typosquatting is registering a look-alike website URL similar to the genuine URL of an established brand that actually includes typos, misspellings, variations, or false TLDs. Malicious intentions of typosquatters include phishing campaigns, impersonation attacks, and redirecting traffic to rogue websites because of typos. 

    However, URL hijacking – also referred to as cybersquatting – is the practice of registering domain names of established brands or organizations with the intent of reselling them in the future, usually to the legitimate trademark holder to make a profit. Another technique is redirecting traffic to a website where other products are being offered by simply using the name of a legitimate brand. This happens sometimes when hijacked URLs don’t find a buyer.       

    How typosquatting can affect brands and their clients

    Let’s have a closer look now at how typosquatting is actually used and how it can affect brands and consumers: 

    • Bait and switch: A typosquatting website sells a product that the customer actually intended to purchase at the genuine web address, but isn’t delivering after the payment.
    • Fake mirror websites: Cybercriminals create a realistic copy of an authentic brand website to trick customers into revealing personal data.  
    • Bypassing traffic: Malicious websites use ads or pop-ups to cash in on advertisement earnings from website visitors.
    • Malware spreading: Typosquatting websites install malware or adware on the device of the user. 
    • Affiliate fraud: The bogus website redirects traffic back to the genuine brand through affiliate links. The creators of such web pages get a commission from purchases of the brand’s affiliate program or by simply redirecting traffic to the original brand website.
    • Mocking site: The dummy website presents the actual brand or trademark in an unfavorable, misleading, or humiliating way.
    • User surveys: The typosquatting website offers feedback forms or surveys to visitors with the intent of stealing sensitive data.

    How to prevent and protect your website from typosquatting

    Given the endless number of typosquatting opportunities for infringers, you might ask yourself how to deal effectively with this potential threat to your brand. There are some manual actions to consider, although detecting and preventing typosquatting efficiently and systematically requires technological solutions. 

    As a first step, you can register different country top-level domains and a number of possible mistyped domain names of your brand and send visitors of those sites automatically to your original website. 

    You can check your own domain registration and mistyped variations of it. In case you find similar versions of your domain name you should check whether it’s necessary to take action against a defrauder.

    Detecting typosquatting websites and taking them down from the web is time-consuming and bundles resources you might better apply in other business areas of your company.  

    Red Points’ technology-based domain management solution streamlines the detection of typosquatting websites. Detection is conducted on a broader scale and is much more time-efficient than a manual search.

    The same efficiency tradeoff applies to reporting and taking down typosquatting websites. Going through the process manually is inefficient when dealing with recurring cases. Usually, a site is taken down within a few days but it can also take much longer when managing the case manually. 

    Red Points offers a powerful and comprehensive impersonation removal solution that detects and prevents typosquatting attacks. Bot-powered search, self-improving detection through machine learning, and automatic enforcements prevent your business from being targeted by typosquatting websites. 


    You may like...

    The ultimate checklist to business impersonation protection
    Rogue websites and cybersquatting
    How to take down a fake website for good
    How to report an impersonation and fake account on Instagram