Pieter Arntz
Malware Intelligence Researcher
Typosquatting is a term you may have seen when reading about Internet scams. In essence it relies on
users making typing errors (typos) when entering a site or domain name. Sometimes it is also referred to
as URL hijacking or domain mimicry, but IMHO the word typosquatting describes the matter more
adequately.
Roads to success
As you will understand, the success of a typosquat scammer depends on the number of victims that are
likely to misspell the intended domain and land on the scammers’ pages. Maximizing the success rate
takes some insight into the workings of human mind-finger coordination.
Another thing to keep in mind is that there are many different keyboard layouts, so replacing one letter
with an adjoining character on the QWERTY keyboard does not work for everyone.
One road to success depends on the occurrence of double letters in a domain name. A common mistake is
to type the following letter twice instead of the intended one. For example, the rather famous
goggle[dot]com.
Another often used trick is to try and register domains with the same name but with a different top-level
domain (TLD).
https://blog.malwarebytes.com/cybercrime/2016/06/explained-typosquatting/ Page 1 of 6
Explained: typosquatting [updated] - Malwarebytes Labs | Malwarebytes Labs 4/16/20, 11:17 PM
For example, whitehouse[dot]com when the actual site is at whitehouse.gov. But in most cases you will
find that organizations have already registered the domains with their company names and the most
popular TLDs, so that these redirect to the actual site rather than being left open to abuse.
Note that where it concerns companies, similar domains are also registered for reasons other than
typosquatting, for example CEO fraud, as explained in more detail elsewhere on our blog.
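As an added example (not part of the original article), the sketch below checks hostnames seen in DNS or proxy logs against a list of protected domains and labels which of the techniques described above would produce each lookalike. The protected list, the sample hostnames and all function names are constructed for illustration, and only same-row QWERTY neighbours are considered.

```python
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumption: QWERTY layout only
PROTECTED = ["google.com", "whitehouse.gov"]  # constructed list of domains to protect
# Constructed hostnames as they might appear in DNS or proxy logs (defanged).
OBSERVED = ["google.com", "goggle[dot]com", "googke[dot]com",
            "whitehouse[dot]com", "example.org"]

def adjacent_keys(ch):
    """Return the same-row neighbours of ch on a QWERTY keyboard."""
    for row in QWERTY_ROWS:
        i = row.find(ch)
        if i != -1:
            return set(row[max(i - 1, 0):i] + row[i + 1:i + 2])
    return set()

def split_domain(domain):
    """Refang '[dot]' and split 'name.tld' at the first dot (no subdomains)."""
    name, _, tld = domain.lower().replace("[dot]", ".").partition(".")
    return name, tld

def classify(observed, protected):
    """Name the typo technique that turns protected into observed, or None."""
    o_name, o_tld = split_domain(observed)
    p_name, p_tld = split_domain(protected)
    if o_name == p_name:
        return "tld-swap" if o_tld != p_tld else None
    if o_tld != p_tld or len(o_name) != len(p_name):
        return None
    diff = [i for i in range(len(p_name)) if p_name[i] != o_name[i]]
    if len(diff) != 1:
        return None
    i = diff[0]
    # The wrong character repeats a letter right next to it in the real name.
    if o_name[i] in p_name[max(i - 1, 0):i] + p_name[i + 1:i + 2]:
        return "repeated-letter"
    # The wrong character sits beside the intended key on the keyboard.
    if o_name[i] in adjacent_keys(p_name[i]):
        return "adjacent-key"
    return None

def flag(observed_domains, protected_domains):
    """Return (observed, protected, technique) for every likely typosquat."""
    hits = []
    for obs in observed_domains:
        for prot in protected_domains:
            technique = classify(obs, prot)
            if technique:
                hits.append((obs, prot, technique))
    return hits

if __name__ == "__main__":
    for obs, prot, technique in flag(OBSERVED, PROTECTED):
        print(f"{obs} resembles {prot} ({technique})")
```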
Celebrities are a different case. It seems they often register only one domain if any at all. That leaves all the
rest up for grabs. Sometimes these are scooped up by early fans, but scammers and advertisers are happy
to exploit them at any opportunity they get.
If you are famous or the owner of a very popular domain you may want to know who to contact when you
notice your domain is being typosquatted. There are several organizations you can turn to. It depends on
the type of infringement and how you want the case to be handled.
WIPO (World Intellectual Property Organization), you can ask the WIPO to rule that the domain(s) be
transferred to you, but it is up to you to prove that the domain(s) meet some requirements, and I quote:
Anticybersquatting Consumer Protection Act (ACPA), one of the ACPA’s most widely used and powerful
tools is its “imposition of civil liability on someone who registers and/or uses a domain name that is
confusingly similar to someone else’s trademark with the intent to profit from the use.” Damages can
amount up to a maximum of $100,000 per domain, but they depend on several factors, including how
the domain was used and to what extent it included the popular name that it was mimicking.
ICANN (Internet Corporation for Assigned Names and Numbers), the non-profit organization
responsible for managing the top-level domain name system and Internet Protocol (IP) allocation. If
you are just trying to reclaim a domain, this is often done quickly by ICANN, but they can’t award any
damages.
Profitable
In the light of what experienced scammers are able to make of a successful typosquatted site, the
maximum damages are not an adequate measure, so CADNA (Coalition Against Domain Name Abuse)
argues for increasing the penalties for these practices.
In essence, most of these tips are very basic, as they are aimed at not typing the URL.
Use search results rather than typing the URL in the address bar.
Leave some or all of the sites that you visit every day open in your browser tabs (most popular browsers
offer the option to continue where you left off or to specify a set of sites to start with).
Use an antivirus or anti-malware solution that offers web protection and preferably even an anti-exploit
solution.
Links
Measuring the Perpetrators and Funders of Typosquatting
Updated to add a link to a scientific study that monitored the typosquatting landscape over a period of
several months. For those interested in a scientific look into this field, we recommend reading Seven
Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse.
Pieter Arntz