What is Typosquatting in Cybersecurity

Blog

Typosquatting is the use of misspelled domain names to deceive users into thinking that the site they're trying to access is legitimate. The result? Users are directed to sites with malware or phishing attempts, which can lead to identity theft and other serious problems.

by Ahona Rudra

Reading Time: 7 min
What is Typosquatting in Cybersecurity
Table Of Contents

Typosquatting is the use of misspelled domain names to deceive users into thinking that the site they’re trying to access is legitimate. The result? Users are directed to sites with malware or phishing attempts, which can lead to identity theft and other serious problems.

In this article, we’ll tell you everything you need to know about typosquatting, how it works and how to prevent it. 

Key Takeaways

  1. Typosquatting involves registering misspelled domain names to deceive users into visiting fraudulent sites.
  2. Cybercriminals use typosquatting to steal sensitive information, engage in phishing, and defraud users.
  3. Trademarking your domain name provides legal protection against unauthorized use and typosquatting attempts.
  4. Employing anti-spoofing technologies can help identify and prevent typosquatting activities through malicious emails.
  5. Understanding the differences between typosquatting, domain spoofing, and IDN homograph attacks is crucial for online safety.

What is Typosquatting?

Typosquatting is the practice of registering web addresses that are similar to the target site’s URL, with the intent of tricking users into mistyping the legitimate URL and landing on a phishing page.

In most cases, the “typosquatter” registers a domain name that resembles a well-known trademarked or copyrighted phrase.

For example, the typosquatter might register “addidas.com” to serve as an alternative to the genuine and trademarked one “adidas.com.”

Typosquatting can be used for a variety of reasons: to trick people into thinking they’re accessing the original site, to take advantage of Google’s rankings algorithms, and even just because the owner wanted to use that domain name.

Simplify Typosquatting Security with PowerDMARC!

Start 15-day trial Book a demo

How Does Typosquatting Work?

Typosquatting involves setting up a website that’s almost identical to the real site, but with typos in the URL address. The typos are meant to trick people into thinking they’re visiting the real site.

To avoid detection, typosquatting sites often try to look like they’re part of a larger organization or business. They often use specific colors, fonts, logos, and themes to make their sites look like they belong to an actual company.

Here’s how a typosquatter might typosquat:

  1. The typosquatter registers a matching domain name
  2. The typosquatter registers a matching email address
  3. The typosquatter sends marketing emails to people, convincing them that they are receiving real messages from a business or organization that they trust.
  4. The typosquatter tricks users into clicking on links in the emails, which directs them to the typosquatted website that might be hosting malware or deceiving users to enter their personal information.
  5. When people click on one of these links and enter their information, it’s sent directly back to the typosquatter who may use it for illegitimate activities like credit card fraud or selling the victim’s personal information on blackhat forums.

Main Purposes of Typosquatting

Typosquatters may cause harm to users, (for example) by using fake information to steal credit card numbers, defrauding businesses engaged in legitimate trade, or damaging the reputation of legitimate business owners who do exist.

However, many unscrupulous individuals register typo domains with no malicious intent and instead use them solely for purposes like cybersquatting.

Stealing User Information: The purpose of typosquatting is to steal user information like usernames, passwords, SSNs, and credit card numbers. Typosquatting makes phishing sites look legitimate, which makes it harder for users to recognize when they are entering their details.

Bait and Switch: It involves a fake website that sells you something you might have bought at the correct URL. These online purchases are difficult to dispute on your credit card statement because they were never made at the correct URL. However, the buyer will still pay for it (because they believed it to be legitimate in the first place) and doesn’t get what they wanted.

Monetize Traffic: Some typosquatters typosquat highly famous websites to monetize traffic and generate revenue for their webpages that have been misidentified as the original site. In some cases, even search engines tend to think that the typoquoted site belongs to the original site, so they’ll give it more weight in their rankings.

Devalue a Target Site: Cybercriminals are always looking to pull the wool over their audience’s eyes. They want to make it seem as if their site is genuine when in reality they don’t care about the reputation of the site they’re stealing from. They want to create confusion and uncertainty, so they will try to make these sites look like they’re legitimate by typosquatting them. This will also devalue the genuine site, as it will make people believe that the impostor site (which could have lots of junk and adult content) is the original one.

Earn Affiliate Commissions: Trademark criminals often typo-squat on domain names to make a quick buck. They use these sites to redirect traffic to the brand’s real website through referral links, earning money for each purchase made by “typo” shoppers.

Domain Squatting: Cybersquatting or Domain Squatting is the act of registering a domain name that corresponds to the trademark or company name of another company. A cybersquatter will purchase the matching domain name to sell it to the real brand owner for more money. The goal of cybersquatting is to use a domain name to profit from another party’s brand, reputation, or goodwill.

Typosquatting vs IDN Homograph Attack: What’s The Difference?

An IDN Homograph Attack is a type of attack that targets non-ASCII characters. It’s different from typosquatting in that it uses homographs instead of typos, which makes it harder to detect, but it has the same effect: hijacking the domain.

The attacker uses an existing domain name that is homograph-competent (or IPA-competent) to create a new domain name with the same pronunciation and spelling, but a different Unicode.

For example, a tech geek named Xudong Zheng is responsible for creating a fake version of Apple’s website in the URL https://www.xn--80ak6aa92e.com/ which mimics apple.com

His domain’s real version https://www.xn--80ak6aa92e.com/ (which is not the actual URL of Apple’s website) appears exactly like apple.com when you load the URL in an old browser.

The most recent versions of Chrome have developed a security mechanism that detects homographic domains, but if you load the above URL from an old browser, the URL will surprisingly show as apple.com

Typosquatting Vs Domain Spoofing?

There are two main ways to steal someone else’s domain name: typosquatting, or simply using a typo instead of their real one; and domain spoofing, where an attacker creates a fake version of their competitor’s website that looks exactly like the original but uses a different URL.

In both cases, the goal is to confuse Google and other search engines so that your site will appear higher in search engine results than it actually should.

The difference between the two is that typosquatting involves misspelling someone else’s domain name so badly that it makes their site look like it was hacked by an amateur—which means there are often security issues associated with them. In contrast, domain spoofing is much more convincing because the website looks exactly like its target counterpart but uses some slight differences (like having misspelled words on the home page) that make it seem more legitimate.

If your email domain is continously being spoofed or forged and you’re getting complaints from your customers about receiving fake messages that you never sent, DMARC enforcement is your best shot at mitigating it. 

Protecting Your Online Business from Typosquatting

Your online business is in danger. Not from a man in a trench coat on your doorstep. Or an attack on its database by a mysterious hacker. Nope, no one’s trying to steal anything from you. The threat is much more subtle. It’s called typosquatting and it could ruin everything you worked for.

Here are some tips on how to protect your online business from typosquatting:

Trademark Your Domain Name

When you’re protecting your business name, it’s important to trademark that name as well. This is also true for websites—not only because it prevents typosquatting, but also because it gives you legal protection against others using your domain name in an attempt to steal your customers. You can use a business name generator to assure uniqueness and streamline the trademarking procedure when securing your company name.

Trademarks act like guarantees on their product or service, so if someone tries to pass off one of your products or services as theirs without permission, they’ll be violating not just your trademark rights but also federal law.

Host Your Domain With an ISP that Offers Typosquatting Protection

These services will automatically redirect traffic to the correct site when someone tries to search a domain with a typo. This means that typosquatting attempts will fail. Secondly, if someone tries to register a domain with a spelling error in the name (to resemble a real trademark), their registration will be denied.

File a Complaint at WIPO

The World Intellectual Property Organization (WIPO) has a Uniform Domain-Name Dispute-Resolution Policy (UDRP). This policy allows real trademark holders to file complaints against users who are using their trademarks in bad faith. This includes people who register a domain name and use it to promote their business without permission from the trademark holder.

Use Anti-Spoofing Email Technology

Most typosquatting criminal activities are performed by sending emails to people who are looking for information about a “target” business but instead get an email with a fake link or content that misrepresents itself as the “target” business when it’s not.

You can take steps to prevent typosquatting activities by using anti-spoofing technologies like DMARC analyzer. This allows legitimate business owners to identify spoofed emails and block them before they’re delivered to other networks. Thereby, preventing any loss of reputation or revenue that might result from these types of attacks.

Lead The Fight Against Spoofing Attacks with PowerDMARC

Cybercrooks have become increasingly sophisticated at using domain name spoofing attacks to deceive businesses. These attacks can be prevented by deploying anti-spoofing security technologies in place.

Are you worried about your email domain name can becoming a victim of spoofing attacks?

Becoming a DMARC MSP can help.

We know how important it is to protect your customers from such fraud, which is why we offer DMARC technology as part of our services.

By using DMARC, you can ensure that your email domain names are not being spoofed by any third party—and more importantly, allow you to keep your business name clean and in good standing with customers.

We offer free DMARC trial for our customers, so if you’d like to check yourself or others’ accounts for malicious activity in real-time then sign up today! 

Latest posts by Ahona Rudra (see all)
Understanding DNS Propagation: The Secret to Faster Website Load TimesHow to monitor DMARCjpgHow Do I Monitor DMARC?