Typosquatting Explained

Typosquatting, also called URL hijacking, a sting site, a cousin domain, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. A user accidentally entering an incorrect website address may be led to any URL, including an alternative website owned by a cybersquatter.

The typosquatter's URL will usually be similar to the victim's site address; the typosquatting site could be in the form of:

Similar abuses:

Once on the typosquatter's site, the user may also be tricked into thinking that they are actually on the real site through the use of copied or similar logos, website layouts, or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.

Motivation

There are several different reasons for typosquatters buying a typo domain:

Examples

Many companies, including Verizon, Lufthansa, and Lego, have gained reputations for aggressively chasing down typosquatted names. Lego, for example, has spent roughly on taking 309 cases through UDRP proceedings.[2]

Celebrities have also pursued their domain names. Prominent examples include basketball player Dirk Nowitzki's UDRP of DirkSwish.com[3] and actress Eva Longoria's UDRP of EvaLongoria.org.[4]

Goggle, a typosquatted version of Google, was the subject of a 2006 web safety promotion by McAfee, a computer security company, which depicted the significant amounts of malware installed through drive-by downloads upon accessing the site at the time. Goggle installed SpySheriff. Later, the URL was redirected to google.com;[5] a 2018 check revealed it to redirect users to adware pages, and a 2020 attempt to access the site through a private DNS resolver hosted by AdGuard resulted in the page being identified as malware and blocked for the user's security. By mid-2022, it had been turned into a political blog.

Another example of corporate typosquatting is yuube.com, targeting YouTube users by programming that URL to redirect to a malicious website or page that asks users to add a malware "security check extension".[6] Similarly, www.airfrance.com has been typosquatted by www.arifrance.com, diverting users to a website peddling discount travel (although it now redirects to a warning from Air France about malware).[7] Other examples are equifacks.com (Equifax.com), experianne.com (Experian.com), and tramsonion.com (TransUnion.com); these three typosquatted sites were registered by comedian John Oliver for his show Last Week Tonight.[8] [9] Over 550 typosquats related to the 2020 U.S. presidential election were detected in 2019.[10]

The Magniber ransomware is being distributed in a typosquatting method that exploits typos made when entering domains, targeting mainly Chrome and Edge users.[11]

In United States law

In the United States, the 1999 Anticybersquatting Consumer Protection Act (ACPA) contains a clause (Section 3(a), amending 15 USC 1117 to include sub-section (d)(2)(B)(ii)) aimed at combatting typosquatting.[12] [13]

On April 17, 2006, evangelist Jerry Falwell failed to get the U.S. Supreme Court to review a decision allowing Christopher Lamparello to use www.fallwell.com. Relying on a plausible misspelling of Falwell's name, Lamparello's gripe site presents misdirected visitors with scriptural references that are intended to counter the fundamentalist preacher's scathing rebukes against homosexuality. In Lamparello v. Falwell, the high court let stand a 2005 Fourth Circuit opinion that "the use of a mark in a domain name for a gripe site criticizing the markholder does not constitute cybersquatting."

WIPO resolution procedure

Under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), trademark holders can file a case at the World Intellectual Property Organization (WIPO) against typosquatters (as with cybersquatters in general).[7] The complainant has to show that the registered domain name is identical or confusingly similar to their trademark, that the registrant has no legitimate interest in the domain name, and that the domain name is being used in bad faith.[7]

See also

External links

Notes and References

  1. Web site: 'Typosquatting': How 1 Mistyped Letter Could Lead to ID Theft. 17 August 2015. Claes. Bell. Bankrate. https://web.archive.org/web/20150820232605/http://www.bankrate.com/finance/credit/typosquatting-identity-theft.aspx. 20 August 2015. live.
  2. Web site: Has Lego's $500k Spent on URDP Been a Waste?. 1 November 2011 . Allemann . Andrew . Domain Name Wire . https://web.archive.org/web/20111102165431/http://domainnamewire.com/2011/11/01/has-legos-500k-spent-on-urdp-been-a-waste/. 2 November 2011. live.
  3. Web site: Dallas Mavericks Star Dirk Nowitzki Wins Dispute Over Domain Name. 12 September 2011. Allemann. Andrew. Domain Name Wire. https://web.archive.org/web/20110927065945/http://domainnamewire.com/2011/09/12/dallas-mavericks-dirk-nowitzki-domain/. 27 September 2011. live.
  4. Web site: Eva Longoria Adds .Org to Her Collection . 5 May 2011 . Allemann . Andrew . Domain Name Wire . https://web.archive.org/web/20110507065210/http://domainnamewire.com/2011/05/05/eva-longoria-adds-org-to-her-collection/. 7 May 2011. live.
  5. Web site: Google Wants to Take Down Goggle.com Web Site. 23 August 2011. Allemann. Andrew. Domain Name Wire. https://web.archive.org/web/20110825075404/http://domainnamewire.com/2011/08/23/google-wants-to-take-down-goggle-com-web-site/. 25 August 2011. live.
  6. Web site: Your Spelling Errors Can Help Typosquatters Make Big Bucks. 5 May 2010. Gopalakrishnan. Chandu. The Economic Times. https://web.archive.org/web/20110812034737/http://articles.economictimes.indiatimes.com/2010-05-05/news/28413792_1_domain-anti-cybersquatting-consumer-protection-act-website. 12 August 2011. live.
  7. Web site: Protecting Your Intellectual Property from Domain Name Typosquatters. 26 March 2008. Slavitt. Kelly M.. FindLaw. https://web.archive.org/web/20130726234418/http://corporate.findlaw.com/intellectual-property/protecting-your-intellectual-property-from-domain-name.html. 26 July 2013. live.
  8. News: Debter . Lauren . April 16, 2016 . John Oliver Takes Aim At Credit Reports In 'Last Week Tonight' . . July 17, 2023.
  9. Web site: Durkin . J. D. . 11 April 2016 . John Oliver Creates Fake Web Sites to Troll Major Three Credit Bureaus . live . https://web.archive.org/web/20160414103447/http://www.mediaite.com/online/john-oliver-creates-fake-web-sites-to-troll-major-three-credit-bureaus . 14 April 2016 . Mediaite.
  10. Web site: Riper . Harrison van . 2019-10-16 . Typosquatting and the 2020 U.S. Presidential election . live . https://web.archive.org/web/20210904000808/https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/ . 2021-09-04 . 2021-09-04 . Digital Shadows . en-US.
  11. Web site: MalBot . 2022-10-25 . Rapidly Evolving Magniber Ransomware . live . https://wayback-api.archive.org/web/20240504041023/https://malware.news/t/rapidly-evolving-magniber-ransomware/64443 . May 4, 2024 . November 16, 2022 . malware.news.
  12. Web site: S. 1255Trademark Cyberpiracy Prevention Act. https://web.archive.org/web/20180921113259/https://www.congress.gov/bill/106th-congress/senate-bill/1255/text/is. 21 September 2018. live.
  13. Web site: Without Typo-squatters, How Far Would Google Fall?. 23 October 2008. Metz. Cade. The Register. https://web.archive.org/web/20081024195809/http://www.theregister.co.uk/2008/10/23/google_and_typosquatting/. 24 October 2008. live.