What is typosquatting?

Nathan Hill-Haimes

5 MIN READ

Bonded DSL

Bonded DSL Bonded DSL (Digital Subscriber Line) is in many ways similar to an ADSL (Asymmetric Digit...

4 MIN READ

    What is typosquatting?

    Typosquatting is another name for URL hijacking. It is cybersquatting that targets individuals who accidentally mistype a website address into their web browser. Cybersquatters register domain names that are common spelling errors of the target brand in the hopes of capturing people who make that particular typo when entering their desired URL. Protecting users against typosquatting is an import aspect of email security.

    New call-to-action

    An internet user who mistypes the URL may not be aware that they are browsing a dummy version of their desired website. The fake website owner can leverage this ignorance to do things like selling a competitor's products or, worse, phishing, trick the user into divulging sensitive data like account login credentials or bank account/card details.

    What does typosquatting mean?

    The term 'squatting' originates from the practice of people taking up residence in another person's property while they are absent. In typosquatting, the perpetrator essentially does the same thing - setting up a fraudulent website by registering a very similar URL to a legitimate brand. It is a form of identity theft and is always done with malicious intent.

    The fraudulent website owner uses the mistyped URL as their 'home', taking in people who unwittingly type in the wrong URL and tricking them into believing they are at the website they wanted. This involves analysing and mimicking the legitimate brand's website to provide a similar browsing experience, but with some key differences.

    In the best-case scenario, the website will be selling products that come from the brand's competitors in question. However, the fraudulent website will likely be laden with traps to trick users into typing sensitive information. The typosquatting attack may prompt an internet user to log into their account, meaning they will divulge their login credentials to the typo squatters for the genuine brand. Or they can prompt users to enter their debit card details to make a purchase, disclosing sensitive information that they could use to steal money from unknowing users.

    Typosquatting means a malicious entity 'squats' at a URL that is a standard typo for a legitimate brand in hopes of capturing unsuspecting visitors who think they are browsing a genuine website. Those people are thus placed in a vulnerable position, potentially exposed to a cyber attack from a malicious domain such as identity theft.

    Another problem with typosquatting is for the brands themselves. Often, the only way to remove the threat of fake URLs is for the legitimate brand to purchase them. The typo squatter knows this, putting them in a strong position to demand huge sums from the brand to acquire the typosquatting site and protect their customers.

    What is typosquatting?

    What is an example of typosquatting?

    Let's look at a few examples of typosquatting:

    1. Adding or removing letters/numbers on a web address

    These URLs focus on a common typing mistake that people make. For example, an infamous typosquatting site called goggle.com (the misspelled domain posing as Google) allowed cybercriminals to download malware onto visitors' devices.

    2. Exploiting frequently misspelt words

    Sometimes, cybersquatters use words that can be difficult to spell and are often spelt wrong by many people. These are a popular target for typosquatters since visitors are unlikely to realise they have made a spelling error in the URL of the malicious website.

    A fashion design website jacquemus.com was typosquatted as jaqumus.com (note the missing 'e'), the cybersquatting infected visitors' devices with malware.

    3. Exploiting the top-level domain (TLD) system

    This aspect refers to the last part of a domain name, like .com or .org. Typosquatters have been known to purchase domains with different TLDs to trick users into visiting them.

    Domain names like iTunes.cm, Walmart.co or Costco.om have all been discovered posing fraudulently as big brands to trick users into downloading malware.

    How does typosquatting work?

    Typosquatting works in bad faith by fooling people who have made a typing mistake on a URL (or visited the wrong domain altogether) into believing they are at their desired website. It is a trick that has cybercriminals have used for a long time, but it has become more sophisticated recently to fool more savvy internet users.

    Since we are all familiar with what we should expect to see online, we are finely tuned to spot typical phishing attack red flags like bad grammar or spelling on a website or a browsing experience that doesn't feel right. Scammers are aware of this, so they go to more significant effort to keep users fooled.

    With many solutions available to create websites and lots of content available to copy and paste, the people who make fraudulent websites can do so very convincingly. They don't even need web design skills or coding experience since there are ways to create websites with drag-and-drop page designers. This amounts to increasingly convincing fakes, and the more people who are tricked, the more critical it becomes for the legitimate brand to address the problem.

    Whether the aim is to steal from users or pressure big brands into buying the fraudulent domain, typosquatting can be a threat on the internet. Users are best advised to be vigilant when they are browsing, particularly if you type a domain into the web browser URL field by hand.

    New call-to-action

    Compare Fibre Internet Prices In Real Time At Your Location

    Introducing AmviaSearch - The Fastest Way To Get The Best Business Fibre Deal Online

    SEARCH NOW

    Subscribe Now

    Get comparisons, reviews, the latest trends and prices for fibre internet, VoIP phone systems & IT security from Amvia.

    Happy young couple calculating bills at home

    Related Posts:

    Email spoofing

    Email spoofing What is meant by email spoofing? Em...

    5 MIN READ

    What is DMARC?

    What is DMARC? Emails are the most common form of ...

    5 MIN READ

    What is DKIM?

    What is DKIM? There are various tools and techniqu...

    5 MIN READ