Table of Contents
Typosquatting, also known as URL hijacking, is an opportunistic cybercrime that capitalises on internet users making typing errors when inputting a website address. Its methodology is strikingly simple yet deceptively effective. Threat actors create and register domains similar to popular websites but with common typographical errors to exploit unsuspecting users who mistype URLs.
The technique is similar to lookalike domains. But unlike lookalike domains—in which attackers register domains that look confusingly similar to those of trusted brands—typosquatting tries to cash in on users’ clumsiness with their keyboard.
Typosquatting has been instrumental in executing phishing attacks, spreading malware and committing brand infringement, among other illicit activities. For example, the infamous 2016 U.S. election hacking incident was partially attributed to typosquatting, illustrating its potential as a tool for political manipulation.
In an era where cybersecurity is paramount, understanding and countering typosquatting is critical. Beyond understanding the definition of typosquatting, this article delves into its intricacies, different types and preventive measures to protect against typosquatting.
Cybersecurity Education and Training Begins Here
Here’s how your free trial works:
- Meet with our cybersecurity experts to assess your environment and identify your threat risk exposure
- Within 24 hours and minimal configuration, we’ll deploy our solutions for 30 days
- Experience our technology in action!
- Receive report outlining your security vulnerabilities to help you take immediate action against cybersecurity attacks
Fill out this form to request a meeting with our cybersecurity experts.
Thank you for your submission.
Typosquatting vs. Cybersquatting: What’s the Difference?
Understanding the dynamics of cybersquatting and typosquatting is crucial to recognise their unique threats and devise effective countermeasures. While both exploit domain name systems for malicious gains, their strategies set them apart.
Typosquatting
Typosquatting as outlined earlier, is a technique where criminals create and register domains that mimic popular websites but with slight typographical alterations. The aim is to direct users who mistyped URLs to these fraudulent sites. Typosquatters often leverage common typographical errors, such as omissions (e.g., “gogle” instead of “google”), transpositions (“gogole” instead of “google”), or incorrect TLDs (e.g., “.cm” instead of “.com”).
Cybersquatting
Cybersquatting, on the other hand, is registering domain names that are identical or strikingly similar to well-known brands or trademarks to profit from them. Cybersquatters primarily exploit the first-come, first-serve nature of domain registration. They often sell the domain to the rightful brand owner at an inflated price or use the domain’s likeness to a popular brand to attract traffic and generate ad revenue.
Statistically, both practices represent significant cyber threats. A 2019 study by Palo Alto Networks revealed that around 13,857 typosquatting domains targeted the top 500 most-visited websites worldwide. Meanwhile, the World Intellectual Property Organization (WIPO) reported 5,423 cybersquatting cases in 2022 alone. These figures reinforce the need for vigilance and robust cybersecurity measures to counter these ever-evolving threats.
How Typosquatting Works
Typosquatting, as the name implies, relies heavily on the inevitability of human error—specifically, typographical errors made when typing a website’s URL into a web browser. The typosquatter strategically registers domain names that exploit common typing mistakes to lure unsuspecting users to their imitation websites. Below are the primary ways typosquatters manipulate domain names:
- Misspellings: This is perhaps the most straightforward method. Typosquatters register domains that are close misspellings of popular websites. For instance, if a user intended to visit “www.wikipedia.org” and mistakenly typed “www.wikipedai.org”, they could be redirected to a typosquatted site.
- Omissions: In this case, typosquatters anticipate the errors users might make by omitting a letter from a domain name. For instance, typing “www.gogle.com” instead of “www.google.com” could lead a user to a false website.
- Transpositions: Users sometimes switch the order of letters while typing quickly. A typosquatter might register a domain like “www.faecbook.com”, anticipating that some users will transpose the “e” and “c” in “facebook”.
- Wrong Top-Level Domains (TLDs): TLDs are the suffixes at the end of a domain name like .com, .net, .org, etc. Users sometimes mistakenly use the wrong TLD when typing a URL. For instance, users might type “www.amazon.co” instead of “www.amazon.com”.
- Adding Extra Characters: Typosquatters also register domains where users might mistakenly add extra characters. For example, typing “www.faceboook.com” instead of “www.facebook.com” can lead to a deceptive site.
- Subdomain Squatting: In this case, the typosquatter adds a popular domain name as a subdomain of a less significant domain. For instance, a typosquatter might register “www.google.scamwebsite.com”. Users may overlook the actual domain and believe they are on a legitimate Google site.
- Hyphenation: Users often forget to add hyphens in domain names or add them where they don’t belong. For instance, “www.face-book.com” or “www.face--book.com”.
In all these scenarios, once users land on the typosquatted website, they might face various security threats, from phishing attempts and malware downloads to intrusive advertising. Users often don’t realise they’re on a fraudulent site, particularly if the typosquatter has mimicked the legitimate site’s appearance. This makes typosquatting a subtle yet potent cybersecurity threat.
Types of Typosquatting
While typosquatting broadly refers to the practice of registering misspelled domain names, there are several types, each with its distinct objectives. Here’s an overview of the most common types:
Phishing Typosquatting
As with most phishing schemes, this form of typosquatting is used primarily to steal sensitive user data. Once users land on the typosquatted site, they’re asked to enter personal or financial information (such as login credentials or credit card numbers). The site’s design is often convincingly similar to the legitimate site, making it difficult for users to recognise the deception.
Malware Typosquatting
In this type, typosquatted sites are used as a platform to install malware on users’ devices. Once a user lands on the site, they could unwittingly download harmful software, which might then steal data, corrupt files, or take control of the device.
Advert Typosquatting
The primary objective here is to generate ad revenue. The typosquatted site is usually filled with advertisements; the typosquatter earns money every time a user sees or clicks on one of these ads. While not as immediately damaging as other types, advert typosquatting can still be a nuisance and lead to wasted time and resources.
Reputation Damaging Typosquatting
Damaging the reputation of a legitimate site is the goal here. The typosquatted site typically contains harmful or negative content associated with the legitimate brand, thus tarnishing its image in the eyes of users who land on the site.
Sale of Typosquatted Domain
In some cases, typosquatters register misspelled domain names to sell them to the legitimate site owner at an inflated price. While annoying, this is more of an opportunistic tactic and usually doesn’t harm users directly.
Traffic Diversion Typosquatting
Here, the goal is to divert traffic from the legitimate site to a competitor’s site. Users who mistype the URL are redirected to the competitor’s site, giving it additional traffic and potentially taking business away from the legitimate site.
These types of typosquatting illustrate the diverse ways this technique can be employed for malicious ends. Each poses unique risks that require specific preventive measures to mitigate potential harm.
Real-World Examples of Typosquatting
Typosquatting has been utilised in a range of cyber attacks over the years, affecting everything from large corporations to national elections. Here are a few notable examples:
- Google: Google’s typosquatting site, Goggle.com, was infamous for downloading malware onto website visitors’ devices. The malware showed spam pop-ups containing pornographic imagery. It also downloaded a rogue antivirus programme named “SpySheriff” that damaged victims’ devices.
- IRS Typosquatting: In a more nefarious example, criminals created typosquatted sites mimicking the U.S. Internal Revenue Service’s official website to defraud taxpayers. Users who accidentally landed on these sites were prompted to enter personal and financial information, leading to identity theft and financial loss.
- 2020 U.S. Census Typosquatting: In the lead-up to the 2020 U.S. Census, several typosquatted domains were registered to resemble the official Census Bureau’s website. These fake sites aimed to collect personal information from visitors or spread misinformation about the census process.
- COVID-19 Typosquatting: The global pandemic saw a surge in typosquatting, with malicious actors creating domains resembling legitimate sites providing information or services related to COVID-19. The World Health Organization and other health agencies issued warnings and reports about these fraudulent sites that aimed to spread malware or steal personal information.
- Amazon Typosquatting: Amazon has also been a frequent target of typosquatters. A notable instance involved a domain called “Amazan.com”. which redirected users to a page full of ads while simultaneously trying to install potentially unwanted programmes (PUPs) onto the users’ computers.
These real-world examples demonstrate typosquatting’s varied forms and objectives, from financial gain to spreading misinformation.
Dangers of Typosquatting
Typosquatting may seem like a simple act of trickery, but it harbours severe and far-reaching consequences that affect both businesses and individuals. Here are some of the primary dangers associated with typosquatting:
- Data Theft: The most direct risk of typosquatting is data theft. Phishing typosquatting can trick users into entering personal or financial data, such as login credentials or credit card information, into a fake site. This data can then be used for identity theft, financial fraud, or sold on the dark web.
- Malware Infections: Some typosquatted sites aim to infect visitors’ devices with malware. This malware can take many forms, including spyware, ransomware, and trojans, and can steal data, cause system damage, or even allow the attacker to take control of the device.
- Financial Loss: Typosquatting can lead to direct financial loss. This could result from fraudulent transactions using stolen financial data or ransom payments demanded by ransomware infections.
- Reputation Damage: For businesses, typosquatting can cause significant harm to their reputation. Customers who associate a brand with a negative experience on a typosquatted site may lose trust in the legitimate business.
- Lost Business Opportunities: Lost traffic from typosquatting can lead to lost business sales. Users intending to visit a particular site may end up on a typosquatted site, potentially leading to a loss of business.
- Legal Complications: Businesses may have to engage in costly and time-consuming legal battles to regain control of domain names from typosquatters.
- Spread of Misinformation: Typosquatted sites may spread false information, either to harm the reputation of the legitimate site or to manipulate public opinion or behaviour, as seen in the 2020 U.S. Census example.
The potential harm caused by typosquatting is vast, emphasising the importance of both robust cybersecurity measures and user education in recognising and avoiding these threats.
How to Protect Against Typosquatting
The dangers posed by typosquatting necessitate taking proactive steps to defend against it. Here are some measures both individuals and organisations can employ:
For Users:
- Double-Check URLs: Always double-check the URL you’ve typed before hitting enter, especially when visiting sites where you’ll be entering personal or financial information.
- Use Bookmarks: For frequently visited websites, especially those related to banking, email, or shopping, use bookmarks to avoid typing the URL.
- Install Security Software: Use comprehensive security software that warns about unsafe websites and blocks malicious downloads.
- Update Browser Security Settings: Most modern web browsers’ security settings can warn you about suspicious websites. Ensure these settings are activated and kept up-to-date.
- Be Sceptical of Unsolicited Communication: Be wary of unsolicited emails or messages with web links, even if they seem to be from reputable companies. If unsure, contact the company directly through their official contact channels to verify.
For Organisations:
- Register Common Misspellings of Your Domain: Proactively register domain names that are common misspellings or typos of your domain. These can then redirect users to your correct site, protecting them from potential harm and ensuring you don’t lose traffic.
- Monitor for Typosquatted Domains: Use domain monitoring services to alert you when domains are registered that closely resemble your own. This allows for quicker response times in addressing potential threats.
- Employ Legal Measures: If a typosquatted domain is discovered, consider legal action to regain control of the domain. This can be complex and time-consuming but is often necessary to protect your brand.
- Implement Domain-based Message Authentication (DMARC): DMARC can help prevent email spoofing, protecting your customers and brand from phishing attempts.
- Educate Your Customers: Make your customers aware of the dangers of typosquatting and provide them with tools and knowledge to ensure they access your genuine site.
Protection against typosquatting requires a combination of technological solutions, legal action, and user awareness. By proactively addressing this threat, individuals and organisations can greatly reduce the risks posed by typosquatting.
How Proofpoint Can Help
Navigating the digital landscape can be treacherous, given the evolving threat of typosquatting. Proofpoint offers comprehensive solutions to protect organisations and their customers from this and other cyber threats.
Proofpoint’s Domain Discover provides robust domain monitoring services. It helps you identify malicious domains registered by typosquatters, safeguarding your brand from impersonation and fraud. It provides real-time alerts, allowing you to take swift action against suspicious domains that pose a risk to your organisation or your customers.
Furthermore, Proofpoint’s Digital Risk Protection solution offers advanced protection that goes beyond the traditional perimeter. It comprehensively monitors for typosquatted domains, fake mobile apps, fraudulent social media accounts, and more. By ensuring continuous and extensive digital protection, Proofpoint helps prevent threats before they can cause harm.
To address the threat of email spoofing associated with typosquatting, Proofpoint’s Email Fraud Defense uses DMARC to authenticate the sender’s identity, protecting you and your customers from phishing scams.
Cybersecurity is not a one-and-done solution but an ongoing process. That’s why Proofpoint continuously innovates to stay ahead of the latest threats, providing you with the peace of mind to conduct your business securely and confidently. For more information, contact Proofpoint or learn more about Proofpoint’s solutions.