Typosquatting

Last updated April 02, 2024

An incorrectly entered URL could lead to a website operated by a cybersquatter.

Typosquatting, also called URL hijacking, a sting site, a cousin domain, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. A user accidentally entering an incorrect website address may be led to any URL (including an alternative website owned by a cybersquatter).

Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts, or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.

The Magniber ransomware is being distributed in a typosquatting method that exploits typos made when entering domains, targeting mainly Chrome and Edge users.^[1]

Motivation

There are several different reasons for typosquatters buying a typo domain:

To try to sell the typo domain back to the brand owner
To monetize the domain through advertising revenues from direct navigation misspellings of the intended domain
To redirect the typo-traffic to a competitor
To redirect the typo-traffic back to the brand itself, but through an affiliate link, thus earning commissions from the brand owner's affiliate program
As a phishing scheme to mimic the brand's site, while intercepting passwords which the visitor enters unsuspectingly^[2]
To install drive-by malware or revenue generating adware onto the visitors' devices
To harvest misaddressed e-mail messages mistakenly sent to the typo domain
To express an opinion that is different from the intended website's opinion
By legitimate site owners, to block malevolent use of the typo domain by others
To annoy users of the intended site

Examples

Many companies, including Verizon, Lufthansa, and Lego, have gained reputations for aggressively chasing down typosquatted names. Lego, for example, has spent roughly US$500,000 on taking 309 cases through UDRP proceedings.^[3]

Celebrities have also frequently pursued their domain names. Prominent examples include basketball player Dirk Nowitzki's UDRP of DirkSwish.com^[4] and actress Eva Longoria's UDRP of EvaLongoria.org.^[5]

Goggle, a typosquatted version of Google, was the subject of a 2006 web safety promotion by McAfee, which depicted the significant amounts of malware installed through drive-by downloads upon accessing the site at the time. Most notably, Goggle installed SpySheriff. Later the URL redirected to google.com;^[6] a 2018 check revealed it to redirect users to adware pages, and a 2020 attempt to access the site through a private DNS resolver hosted by AdGuard resulted in the page being identified as malware and blocked for the user's security. By mid-2022, it had been turned into a political blog.

Another example of corporate typosquatting is yuube.com, targeting YouTube users by programming that URL to redirect to a malicious website or page that asks users to add a malware "security check extension".^[7] Similarly, www.airfrance.com has been typosquatted by www.arifrance.com, diverting users to a website peddling discount travel (although it now redirects to a warning from Air France about malware).^[8] Other examples are Equifacks.com (Equifax.com), Experianne.com (Experian.com), and TramsOnion.com (TransUnion.com); these three typosquatted sites were registered by comedian John Oliver for his show Last Week Tonight .^[9]^[10]^{[ better source needed ]} Over 550 typosquats related to the 2020 U.S. presidential election were detected in 2019.^[11]

In United States law

In the United States, the 1999 Anticybersquatting Consumer Protection Act (ACPA) contains a clause (Section 3(a), amending 15 USC 1117 to include sub-section (d)(2)(B)(ii)) aimed at combatting typosquatting.^[12]^[13]

On April 17, 2006, evangelist Jerry Falwell failed to get the U.S. Supreme Court to review a decision allowing Christopher Lamparello to use www.fallwell.com. Relying on a plausible misspelling of Falwell's name, Lamparello's gripe site presents misdirected visitors with scriptural references that are intended to counter the fundamentalist preacher's scathing rebukes against homosexuality. In Lamparello v. Falwell , the high court let stand a 2005 Fourth Circuit opinion that "the use of a mark in a domain name for a gripe site criticizing the markholder does not constitute cybersquatting."

WIPO resolution procedure

Under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), trademark holders can file a case at the World Intellectual Property Organization (WIPO) against typosquatters (as with cybersquatters in general).^[8] The complainant has to show that the registered domain name is identical or confusingly similar to their trademark, that the registrant has no legitimate interest in the domain name, and that the domain name is being used in bad faith.^[8]

Related Research Articles

In the Internet, a domain name is a string that identifies a realm of administrative autonomy, authority or control. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. Domain names are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer.

Reverse domain name hijacking, occurs where a rightful trademark owner attempts to secure a domain name by making cybersquatting claims against a domain name’s "cybersquatter" owner. This often intimidates domain name owners into transferring ownership of their domain names to trademark owners to avoid legal action, particularly when the domain names belong to smaller organizations or individuals. Reverse domain name hijacking is most commonly enacted by larger corporations and famous individuals, in defense of their rightful trademark or to prevent libel or slander.

Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems.

Site Finder was a wildcard DNS record for all .com and .net unregistered domain names, run by .com and .net top-level domain operator VeriSign between 15 September 2003 and 4 October 2003.

Domain name speculation, popular as domaining in professional jargon, is the practice of identifying and registering or acquiring generic Internet domain names as an investment with the intent of selling them later for a profit.

URL redirection, also called URL forwarding, is a World Wide Web technique for making a web page available under more than one URL address. When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened. Similarly, domain redirection or domain forwarding is when all pages in a URL domain are redirected to a different domain, as when wikipedia.com and wikipedia.net are automatically redirected to wikipedia.org.

The Anticybersquatting Consumer Protection Act (ACPA), 15 U.S.C. § 1125(d),(passed as part of Pub. L.Tooltip Public Law 106–113 ) is a U.S. law enacted in 1999 that established a cause of action for registering, trafficking in, or using a domain name confusingly similar to, or dilutive of, a trademark or personal name. The law was designed to thwart "cybersquatters" who register Internet domain names containing trademarks with no intention of creating a legitimate web site, but instead plan to sell the domain name to the trademark owner or a third party. Critics of the ACPA complain about the non-global scope of the Act and its potential to restrict free speech, while others dispute these complaints. Before the ACPA was enacted, trademark owners relied heavily on the Federal Trademark Dilution Act (FTDA) to sue domain name registrants. The FTDA was enacted in 1995 in part with the intent to curb domain name abuses. The legislative history of the FTDA specifically mentions that trademark dilution in domain names was a matter of Congressional concern motivating the Act. Senator Leahy stated that "it is my hope that this anti-dilution statute can help stem the use of deceptive Internet addresses taken by those who are choosing marks that are associated with the products and reputations of others".

<span class="mw-page-title-main">Typographical error</span> Mistake made in typing printed material

A typographical error, also called a misprint, is a mistake made in the typing of printed or electronic material. Historically, this referred to mistakes in manual typesetting. Technically, the term includes errors due to mechanical failure or slips of the hand or finger, but excludes errors of ignorance, such as spelling errors, or changing and misuse of words such as "than" and "then". Before the arrival of printing, the copyist's mistake or scribal error was the equivalent for manuscripts. Most typos involve simple duplication, omission, transposition, or substitution of a small number of characters.

.cm is the country code top-level domain (ccTLD) for Cameroon.

The Uniform Domain-Name Dispute-Resolution Policy (UDRP) is a process established by the Internet Corporation for Assigned Names and Numbers (ICANN) for the resolution of disputes regarding the registration of internet domain names. The UDRP currently applies to all generic top level domains, some country code top-level domains, and to all new generic top-level domains.

John Zuccarini is an American businessman who served time in federal prison for violating the Truth in Domain Names Act. Zuccarini operated a domain name speculation business. He is reported as owning 5500 domains before his arrest.

Mousetrapping is a technique that prevents users from exiting a website through standard means. It is frequently used by malicious websites, and is often seen on tech support scam sites.

URL shortening is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page. This is achieved by using a redirect which links to the web page that has a long URL. For example, the URL "https://example.com/assets/category_B/subcategory_C/Foo/" can be shortened to "https://example.com/Foo", and the URL "https://en.wikipedia.org/wiki/URL_shortening" can be shortened to "https://w.wiki/U". Often the redirect domain name is shorter than the original one. A friendly URL may be desired for messaging technologies that limit the number of characters in a message, for reducing the amount of typing required if the reader is copying a URL from a print source, for making it easier for a person to remember, or for the intention of a permalink. In November 2009, the shortened links of the URL shortening service Bitly were accessed 2.1 billion times.

<span class="mw-page-title-main">McAfee SiteAdvisor</span> Website safety report software

The McAfee SiteAdvisor, later renamed as the McAfee WebAdvisor, is a service that reports on the safety of web sites by crawling the web and testing the sites it finds for malware and spam. A browser extension can show these ratings on hyperlinks such as on web search results. Users could formerly submit reviews of sites.

People for the Ethical Treatment of Animals v. Doughney, 263 F.3d 359, was an Internet domain trademark infringement decision by the United States Court of Appeals for the Fourth Circuit. The ruling became an early precedent on the nature of domain names as both trademarked intellectual property and free speech.

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

Cybersquatting is the practice of registering, trafficking in, or using an Internet domain name, with a bad faith intent to profit from the goodwill of a trademark belonging to someone else.

Lamparello v. Falwell, 420 F.3d 309, was a legal case heard by the United States Court of Appeals for the Fourth Circuit concerning allegations of cybersquatting and trademark infringement. The dispute centered on the right to use the domain name fallwell.com, and provides discussion on cybersquatting as it applies to criticism of a trademark.

A doppelganger domain is a domain that is spelled identically to a legitimate fully qualified domain name (FQDN) but missing the dot between host/subdomain and domain, to be used for malicious purposes.

DealsPlus is an online coupon and deal social commerce website. It combines aspects of an online coupon site and user-generated content driven deal focused sites. Like other coupon and deals sites, SEO plays an important role in DealsPlus’ business. Based on an SEO analysis, Priceonomics ranked DealsPlus third behind RetailMeNot and Coupons.com for a sample of key word terms.

References

↑ MalBot (2022-10-25). "Rapidly Evolving Magniber Ransomware". malware.news. Retrieved November 16, 2022.
↑ Claes, Bell (17 August 2015). "'Typosquatting': How 1 Mistyped Letter Could Lead to ID Theft". Bankrate. Archived from the original on 20 August 2015.
↑ Allemann, Andrew (1 November 2011). "Has Lego's $500k Spent on URDP Been a Waste?". Domain Name Wire. Archived from the original on 2 November 2011.
↑ Allemann, Andrew (12 September 2011). "Dallas Mavericks Star Dirk Nowitzki Wins Dispute Over Domain Name". Domain Name Wire. Archived from the original on 27 September 2011.
↑ Allemann, Andrew (5 May 2011). "Eva Longoria Adds .Org to Her Collection". Domain Name Wire. Archived from the original on 7 May 2011.
↑ Allemann, Andrew (23 August 2011). "Google Wants to Take Down Goggle.com Web Site". Domain Name Wire. Archived from the original on 25 August 2011.
↑ Gopalakrishnan, Chandu (5 May 2010). "Your Spelling Errors Can Help Typosquatters Make Big Bucks". The Economic Times. Archived from the original on 12 August 2011.
1 2 3 Slavitt, Kelly M. (26 March 2008). "Protecting Your Intellectual Property from Domain Name Typosquatters". FindLaw. Archived from the original on 26 July 2013.
↑ Debter, Lauren (April 16, 2016). "John Oliver Takes Aim At Credit Reports In 'Last Week Tonight'". Forbes . Retrieved July 17, 2023.
↑ Durkin, J. D. (11 April 2016). "John Oliver Creates Fake Web Sites to Troll Major Three Credit Bureaus". Archived from the original on 14 April 2016.
↑ harrison-van-riper (2019-10-16). "Typosquatting and the 2020 U.S. Presidential election | Digital Shadows". www.digitalshadows.com. Archived from the original on 2021-09-04. Retrieved 2021-09-04.
↑ "S. 1255 –Trademark Cyberpiracy Prevention Act". Archived from the original on 21 September 2018.
↑ Metz, Cade (23 October 2008). "Without Typo-squatters, How Far Would Google Fall?". The Register. Archived from the original on 24 October 2008.

External links

Giles, Jim (17 February 2010). "Typos may earn Google $500m a year". New Scientist . Retrieved July 19, 2023. (reporting research by Ben Edelman and Tyler Moore: Measuring Typosquatting Perpetrators and Funders)
"The Internet Commerce Association Code of Conduct". InternetCommerce.org. Retrieved 2007-09-13. The Internet Commerce Association's (ICA) Member Code of Conduct expresses the ICA's recognition of the responsibilities of its members to the intellectual property, domain name, and at large Internet communities and will guide members in conducting their domain name investment and development activities with professionalism, respect and integrity.
"The Coalition Against Domain Name Abuse to Combat Cybersquatting". ComplianceAndPrivacy.com. Retrieved 2007-09-20. With growing ease and profitability, sophisticated cybersquatters are exploiting a flaw in the domain name registration process whereby domain names are registered and subsequently dropped, risk free, within an accepted 5-day grace period.
"TypoSquatting" . Retrieved 2013-02-27. Web tool which shows lots of mistyped registered domains (German).
Nation Squid: How One Typo Destroyed Thousands of Computers

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] MalBot (2022-10-25). "Rapidly Evolving Magniber Ransomware". malware.news. Retrieved November 16, 2022.

[2] Claes, Bell (17 August 2015). "'Typosquatting': How 1 Mistyped Letter Could Lead to ID Theft". Bankrate. Archived from the original on 20 August 2015.

[3] Allemann, Andrew (1 November 2011). "Has Lego's $500k Spent on URDP Been a Waste?". Domain Name Wire. Archived from the original on 2 November 2011.

[4] Allemann, Andrew (12 September 2011). "Dallas Mavericks Star Dirk Nowitzki Wins Dispute Over Domain Name". Domain Name Wire. Archived from the original on 27 September 2011.

[5] Allemann, Andrew (5 May 2011). "Eva Longoria Adds .Org to Her Collection". Domain Name Wire. Archived from the original on 7 May 2011.

[6] Allemann, Andrew (23 August 2011). "Google Wants to Take Down Goggle.com Web Site". Domain Name Wire. Archived from the original on 25 August 2011.

[7] Gopalakrishnan, Chandu (5 May 2010). "Your Spelling Errors Can Help Typosquatters Make Big Bucks". The Economic Times. Archived from the original on 12 August 2011.

[slavitt-8] 1 2 3 Slavitt, Kelly M. (26 March 2008). "Protecting Your Intellectual Property from Domain Name Typosquatters". FindLaw. Archived from the original on 26 July 2013.

[9] Debter, Lauren (April 16, 2016). "John Oliver Takes Aim At Credit Reports In 'Last Week Tonight'". Forbes . Retrieved July 17, 2023.

[10] Durkin, J. D. (11 April 2016). "John Oliver Creates Fake Web Sites to Troll Major Three Credit Bureaus". Archived from the original on 14 April 2016.

[11] rrison-van-riper (2019-10-16). "Typosquatting and the 2020 U.S. Presidential election | Digital Shadows". www.digitalshadows.com. Archived from the original on 2021-09-04. Retrieved 2021-09-04.

[12] "S. 1255 –Trademark Cyberpiracy Prevention Act". Archived from the original on 21 September 2018.

[13] Metz, Cade (23 October 2008). "Without Typo-squatters, How Far Would Google Fall?". The Register. Archived from the original on 24 October 2008.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

v t e Domain name parking
General	Reverse domain hijacking Cybersquatting Domain name drop list Domain name speculation Domain sniping Domain parking Domain tasting Domain name warehousing Doppelganger domain Type-in traffic Typosquatting Domain name front running Drop registrar
Legal	Uniform Domain-Name Dispute-Resolution Policy Anticybersquatting Consumer Protection Act (Trademark Cyberpiracy Prevention Act) PROTECT Act of 2003
Technical	Domain hack Wildcard DNS record Fast flux