
Explained: typosquatting [updated] - Malwarebytes Labs | Malwarebytes Labs 4/16/20, 11:17 PM


ABOUT THE AUTHOR

Pieter Arntz
Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak
four languages. Smells of rich mahogany and leather-bound books.


Explained: typosquatting [updated]


Posted: June 23, 2016 by Pieter Arntz
Last updated: February 18, 2017

Typosquatting is a term you may have seen when reading about Internet scams. In essence, it relies on
users making typing errors (typos) when entering a site or domain name. Sometimes it is also referred to
as URL hijacking or domain mimicry, but IMHO the word typosquatting describes the matter more
adequately.

Roads to success

As you will understand, the success of a typosquat scammer depends on the number of victims who are
likely to misspell the intended domain and land on the scammers’ pages. Maximizing the success rate
takes some insight into how the human mind and fingers coordinate.

Another thing to keep in mind is that there are many different keyboard layouts, so replacing one letter
with an adjoining character on the QWERTY keyboard does not work for everyone.

One road to success depends on the occurrence of double letters in a domain name. A common mistake is
to double the neighboring letter instead of the intended one, as in the rather famous
goggle[dot]com.

Another often used trick is to try and register domains with the same name but with a different top-level
domain (TLD).

https://blog.malwarebytes.com/cybercrime/2016/06/explained-typosquatting/ Page 1 of 6

Image caption: This is actually an adult site

For example, whitehouse[dot]com when the actual site is at whitehouse.gov. But in most cases you will
find that organizations have already registered the domains with their company names and the most
popular TLDs, so that these redirect to the actual site rather than being open to abuse.
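The three patterns described above (a neighboring key, a double letter that shifted to the next letter, a swapped TLD) can be checked for on the defensive side. The following Python is an added example, not code from the original article: it classifies domains seen in proxy or DNS logs against a list of protected domains. The function names, the example.com samples and the left/right-only QWERTY adjacency are assumptions.

```python
"""Flag observed domains that match the typo patterns the article describes."""

# Assumption: only left/right neighbors on a QWERTY layout count as adjacent.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def keys_adjacent(a, b):
    """True if a and b sit next to each other on the same QWERTY row."""
    return any(a + b in row or b + a in row for row in QWERTY_ROWS)

def classify(observed, protected):
    """Return the typo pattern linking observed to protected, or None.
    Assumes plain name.tld input without subdomains."""
    obs_name, _, obs_tld = observed.lower().partition(".")
    pro_name, _, pro_tld = protected.lower().partition(".")
    if obs_name == pro_name:
        return "tld-swap" if obs_tld != pro_tld else None
    if obs_tld != pro_tld or len(obs_name) != len(pro_name):
        return None
    diffs = [i for i, (o, p) in enumerate(zip(obs_name, pro_name)) if o != p]
    if len(diffs) != 1:
        return None
    i = diffs[0]
    def around(s):
        # Characters left and right of position i ("" past either end).
        return (s[i - 1] if i else "", s[i + 1] if i + 1 < len(s) else "")
    # The intended double letter was broken and the letter beside it doubled.
    if pro_name[i] in around(pro_name) and obs_name[i] in around(obs_name):
        return "shifted-double"
    if keys_adjacent(obs_name[i], pro_name[i]):
        return "adjacent-key"
    return None

def scan(observed_domains, protected_domains):
    """Map each suspicious observed domain to (protected domain, pattern)."""
    hits = {}
    for obs in observed_domains:
        for pro in protected_domains:
            pattern = classify(obs, pro)
            if pattern:
                hits[obs] = (pro, pattern)
                break
    return hits

# Constructed sample input: the article's two examples plus made-up entries.
PROTECTED = ["google.com", "whitehouse.gov", "example.com"]
OBSERVED = ["goggle.com", "whitehouse.com", "exanple.com", "example.com",
            "unrelated.net"]

if __name__ == "__main__":
    for dom, (pro, pattern) in scan(OBSERVED, PROTECTED).items():
        print(f"{dom}: resembles {pro} ({pattern})")
```

As the article notes, a QWERTY-based adjacency table does not cover other keyboard layouts, so the table would need to match the layouts your users actually type on.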

Note that where it concerns companies, similar domains are also registered for reasons other than
typosquatting, for example CEO fraud, as explained in more detail elsewhere on our blog.

Celebrities are a different case. It seems they often register only one domain if any at all. That leaves all the
rest up for grabs. Sometimes these are scooped up by early fans, but scammers and advertisers are happy
to exploit them at any opportunity they get.

Who are you going to call?

If you are famous or the owner of a very popular domain you may want to know who to contact when you
notice your domain is being typosquatted. There are several organizations you can turn to. It depends on
the type of infringement and how you want the case to be handled.

WIPO (World Intellectual Property Organization), you can ask the WIPO to rule that the domain(s) be
transferred to you, but it is up to you to prove that the domain(s) meet some requirements, and I quote:

“the domain name is identical or confusingly similar to a trademark or service
mark in which the complainant has rights; and the domain name holder has no
rights or legitimate interests in respect of the domain name; and the domain
name has been registered and is being used in bad faith.”

Anticybersquatting Consumer Protection Act (ACPA), one of the ACPA’s most widely used and powerful
tools is its “imposition of civil liability on someone who registers and/or uses a domain name that is
confusingly similar to someone else’s trademark with the intent to profit from the use.” Damages can
amount up to a maximum of $100,000 per domain, but they depend on several factors, including how
the domain was used and to what extent it included the popular name that it was mimicking.

ICANN (Internet Corporation for Assigned Names and Numbers), the non-profit organization
responsible for managing the top-level domain name system and Internet Protocol (IP) allocation. If
you are just trying to reclaim a domain, this is often done quickly by ICANN, but they can’t award any
damages.

Profitable

In the light of what experienced scammers are able to make of a successful typosquatted site, the
maximum damages are not an adequate measure, so CADNA (Coalition Against Domain Name Abuse)
argues for increasing the penalties for these practices.


A few tips to avoid ending up at the wrong site

In essence, most of these tips are very basic, as they are aimed at not typing the URL.

Bookmark your favorites

Use search results rather than typing the URL in the address bar

Leave some or all of the sites that you visit every day open in your browser tabs (most popular browsers
offer the option to continue where you left off or to specify a set of sites to start with)

Never click links in unexpected mails or on unknown sites

Use an Antivirus or Anti-malware solution that offers web protection and preferably even an anti-exploit
solution.

As always, save yourself the hassle, use adequate protection.

Links
Measuring the Perpetrators and Funders of Typosquatting

example WIPO ruling

Icannwiki about typosquatting

Updated to add a link to a scientific study that monitored the typosquatting landscape over a period of
several months. For those interested in a scientific look into this field we recommend reading Seven
Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse.

Pieter Arntz
