What is typosquatting?
Typosquatting definition
Typosquatting is a social engineering attack involving a fake website that the victim accesses by mistyping a URL. The fake website is usually made to look identical to its legitimate counterpart and is registered under a similar domain. Typosquatting websites may run scripts to infect the victim’s browser, trick them into downloading malware, or steal their credentials.
URL hijacking is another term for typosquatting. Although it’s one of the lesser-known types of scams, typosquatting is a great example of why you should stay safe online no matter what you’re doing.
How does typosquatting work?
Bad actors often register domain names that mimic well-known brands to trick people who incorrectly type a website address into their web browser into thinking that they’re on a legitimate website. For example, weebsite.com, wbsite.com, or even website.net instead of website.com. They can even copy the structure and design of an original website, so everything looks as you expect. There are two main reasons behind this type of social engineering attack:
- 1.Selling products that are similar to the ones on an original site.
- 2.Stealing users’ passwords, credit card details, and other data.
From a business perspective, domain typosquatting can seriously damage a company’s reputation and steal a significant amount of its traffic. If a customer gets scammed while trying to access their website, they might choose a different service provider next time.
Common causes of typosquatting include typos, where people typing quickly make mistakes and end up on fake websites, and misspellings, where uncertainty about a brand name’s spelling leads users to incorrect sites. While many reputable services buy misspelled domains to redirect users correctly, hackers can exploit the ones that are not secured.
Wrong domain extensions, which can include .com, .net, .co, and .us, also contribute to typosquatting when users forget the correct one and type in the wrong extension. Additionally, hyphenated domains can cause confusion because they are not commonly used, making it easier for users to mistype the domain name.
What is the difference between cybersquatting and typosquatting?
Cybersquatting and typosquatting are both types of cybercrime involving URLs, but their methods, targets, and intentions are completely different.
Typosquatting is a type of domain spoofing that usually targets normal internet users. It involves registering a domain name that is a slight misspelling or variation of a popular website. The goal, in this case, is usually to redirect users to a malicious alternative website, often for financial gain.
On the other hand, cybersquatting involves registering domain names of established trademarks that do not have a website yet with the aim of selling them to the brand owner for profit. It’s essentially a form of online trademark infringement or, in some cases, even identity theft.
Types of typosquatting
Typosquatting can take many forms, each with its own unique approach to deceiving users. Below are some of the most common types of typosquatting.
Bait and switch
You accidentally end up on a fake website and purchase something, but your items never arrive.
Imitators
As the name suggests, imitators portray themselves as legitimate sites and intend to steal your personal information. Companies track imitators and try to shut them down as soon as possible, but it can take a while to do so.
Domain parking
After misspelling a URL, you might find yourself on a website that offers to buy this domain (and similar domains). These websites can also contain ads that generate revenue for their owner.
Malicious websites
Some websites store malware and intend to infect your system. In rare cases, it’s even possible to get malware just by visiting a malicious website.
Surveys and giveaways
These websites ask customers for feedback or give them something for free while trying to steal their sensitive information.
Affiliate links
A fake website redirects traffic back to the original site in order to receive commission. However, brands closely track who they’re paying money to, so these kinds of scams usually don’t last long.
Examples of typosquatting attacks
Goggle.com is probably one of the most well-known typosquatting examples, which gained notoriety in 2006. After accidentally loading this bogus website, users were bombarded with ads and viruses. At that time, many computers lacked proper protection from malicious programs, so Goggle.com infected thousands of devices.
Agar.io is a multiplayer online action game, which caught the attention of typosquatters in 2015. They created a website called agor.io which intended to scare users by making metallic sounds, changing colors, and showing an image of Jeff the Killer, a character from a popular horror story shared around the internet. The agor.io jumpscare website was taken down the same year, but it certainly caused panic among gamers.
One of the most recent well-known examples of typosquatting was related to the 2020 US presidential election. At that time, criminals set up over 550 typosquatting domains with various malicious intentions using the names of the presidential candidates.
How to prevent typosquatting
For individual users
- Always double-check a URL. If you’re not sure how to spell a website’s name correctly, use search engines to access the legitimate site. Before pressing “Enter,” inspect the domain name, and make sure you didn’t leave any typos.
- Never click on suspicious links in emails. Since criminals often use phishing attacks to redirect users to fake websites, never click on links in your email before closely inspecting them first. Look for grammar mistakes and a sense of urgency. You can also hover over a link to see where exactly it is going, or use anti-phishing tools that automatically check for phishing URLs.
- Bookmark your favorite websites. It’s not a bad idea to bookmark all your favorite sites, so you won’t need to type a URL every time.
- Use a VPN. A virtual private network encrypts your traffic and hides your IP address, improving your online security. NordVPN offers an additional Threat Protection Pro feature, which blocks websites known for storing malware. With one NordVPN account, you can also protect up to ten devices, such as laptops, tablets, or smartphones.
For companies
- Register common misspellings of your domain. Buy domain names that are common misspellings or typos of your main website address. Redirect them to your real site to protect users from URL spoofing and keep your traffic.
- Watch for typosquatted domains. Use services that alert you when similar domains are registered. This will help you deal quickly with any threats.
- Take legal action. If you find a typosquatted domain, consider legal steps to reclaim it. This can be tricky but is often needed to protect your brand.
Online security starts with a click.
Stay safe with the world’s leading VPN