What is typosquatting?
Typosquatting is another name for URL hijacking. It is a form of cybersquatting that targets individuals who accidentally mistype a website address into their web browser. Cybersquatters register domain names that are common misspellings of the target brand in the hope of capturing people who make that particular typo when entering their desired URL. Protecting users against typosquatting is an important aspect of email security.
An internet user who mistypes the URL may not be aware that they are browsing a dummy version of their desired website. The fake website owner can leverage this ignorance to do things like selling a competitor's products or, worse, phishing: tricking the user into divulging sensitive data like account login credentials or bank account/card details.
What does typosquatting mean?
The term 'squatting' originates from the practice of people taking up residence in another person's property while they are absent. In typosquatting, the perpetrator essentially does the same thing, setting up a fraudulent website by registering a URL very similar to that of a legitimate brand. It is a form of identity theft and is always done with malicious intent.
The fraudulent website owner uses the mistyped URL as their 'home', taking in people who unwittingly type in the wrong URL and tricking them into believing they are at the website they wanted. This involves analysing and mimicking the legitimate brand's website to provide a similar browsing experience, but with some key differences.
In the best-case scenario, the website will be selling products that come from competitors of the brand in question. However, the fraudulent website will likely be laden with traps to trick users into typing sensitive information. The typosquatting attack may prompt an internet user to log into their account, meaning they will divulge their login credentials for the genuine brand to the typosquatters. Or the site can prompt users to enter their debit card details to make a purchase, disclosing sensitive information that the typosquatters could use to steal money from unknowing users.
Typosquatting means a malicious entity 'squats' at a URL that is a standard typo for a legitimate brand in hopes of capturing unsuspecting visitors who think they are browsing a genuine website. Those people are thus placed in a vulnerable position, potentially exposed to a cyber attack, such as identity theft, from a malicious domain.
Another problem with typosquatting is for the brands themselves. Often, the only way to remove the threat of fake URLs is for the legitimate brand to purchase them. The typosquatter knows this, putting them in a strong position to demand huge sums from the brand to acquire the typosquatting site and protect their customers.
What is an example of typosquatting?
Let's look at a few examples of typosquatting:
1. Adding or removing letters/numbers on a web address
These URLs focus on a common typing mistake that people make. For example, an infamous typosquatting site called goggle.com (the misspelled domain posing as Google) allowed cybercriminals to download malware onto visitors' devices.
2. Exploiting frequently misspelt words
Sometimes, cybersquatters use words that are difficult to spell and are often misspelt. These are a popular target for typosquatters since visitors are unlikely to realise they have made a spelling error in the URL of the malicious website.
A fashion design website, jacquemus.com, was typosquatted as jaqumus.com (note the missing 'e'); the cybersquatted site infected visitors' devices with malware.
3. Exploiting the top-level domain (TLD) system
The TLD is the last part of a domain name, like .com or .org. Typosquatters have been known to purchase domains with different TLDs to trick users into visiting them.
Domain names like iTunes.cm, Walmart.co or Costco.om have all been discovered posing fraudulently as big brands to trick users into downloading malware.
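The three patterns above can be checked for on the defensive side, for example when reviewing domains seen in mail or proxy logs against a brand watchlist. The following is an added example, not part of the original article; the watchlist, the function names, the edit threshold and the naive label/TLD split (no subdomains, no Public Suffix List) are assumptions made for illustration.

```python
# Added example: the watchlist and observed domains are constructed from the article's examples.
PROTECTED = ["google.com", "jacquemus.com", "itunes.com", "walmart.com", "costco.com"]

def split_domain(domain):
    """Naive split into (label, tld); assumes a bare registrable domain, no subdomains."""
    label, _, tld = domain.lower().rstrip(".").partition(".")
    return label, tld

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected=PROTECTED, max_edits=2):
    """Return (kind, brand_domain, edits) for a lookalike, or None if no match."""
    label, tld = split_domain(observed)
    if f"{label}.{tld}" in protected:
        return None  # exact match: the genuine domain
    best = None
    for brand in protected:
        b_label, _ = split_domain(brand)
        if label == b_label:
            return ("tld-swap", brand, 0)  # same name, different TLD
        dist = edit_distance(label, b_label)
        # Skip very short brand labels, where a couple of edits matches almost anything.
        if dist <= max_edits and len(b_label) > 2 * dist:
            if best is None or dist < best[2]:
                best = ("char-edit", brand, dist)
    return best

if __name__ == "__main__":
    for seen in ["goggle.com", "jaqumus.com", "iTunes.cm", "Walmart.co",
                 "Costco.om", "example.org"]:
        print(seen, "->", classify(seen))
```

A production check would derive the registrable domain with the Public Suffix List and tune the threshold per brand to keep false positives down.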
How does typosquatting work?
Typosquatting works in bad faith by fooling people who have made a typing mistake on a URL (or visited the wrong domain altogether) into believing they are at their desired website. It is a trick that cybercriminals have used for a long time, but it has become more sophisticated recently to fool more savvy internet users.
Since we are all familiar with what we should expect to see online, we are finely tuned to spot typical phishing attack red flags like bad grammar or spelling on a website or a browsing experience that doesn't feel right. Scammers are aware of this, so they go to greater effort to keep users fooled.
With many solutions available to create websites and lots of content available to copy and paste, the people who make fraudulent websites can do so very convincingly. They don't even need web design skills or coding experience since there are ways to create websites with drag-and-drop page designers. This results in increasingly convincing fakes, and the more people who are tricked, the more critical it becomes for the legitimate brand to address the problem.
Whether the aim is to steal from users or pressure big brands into buying the fraudulent domain, typosquatting can be a threat on the internet. Users are best advised to be vigilant when they are browsing, particularly when they type a domain into the web browser URL field by hand.