Corporate news Tips for web professionals

Typosquatting: domain name confusion

typosquatting is a real threat to your business

To err is human, and someone can always profit from that. As an example of this, in 1998, Robert Cumbow, a Seattle lawyer, was confronted by a case involving a website called “Amazom.com” [sic] which displayed advertisement banners for Barnes&Noble, a competitor of the famous brand. While the latter was upset about the diverting of customers, it probably did not yet measure the amount of damage that this type of abuse could cause. The damage resulting from such a confusion, if it were well organized, could be terrible, for both the user and the company whose name was misused. It is therefore imperative that brands take action to anticipate this type of cybersquatting. As we’ll see in this article, some solutions to this problem do exist.

The problem of typosquatting

Typosquatting is a practice that is nearly as old as domain names, and as we’ll see, causes problems for both the user and the holder of the original domain name that was misused.

1. What do we mean by “typosquatting”?

If you make a typo when entering a domain name in the address bar of your browser, you’ll surely realize your mistake when you see a “Server Not Found” error page telling you that the browser can’t find the site. However it is also possible that you see a website that is different from the one that you initially wanted to visit. This domain name, which closely resembles that of the site you wanted to visit, was registered in the hopes of profiting from the confusion. This is what typosquatting is all about.

Concretely, these domain name alterations may consist of, for example:

  • a letter that is added or omitted (“gaandi”)
  • inverted characters (“gnadi”)
  • a dot or dash that is added or omitted (“wwwgandi.net”)
  • a substitution of one character for another that resembles it. For example a 0 for an O, an I for an l, or any other such similar practice.

This type of practice is included in the larger category of cybersquatting, which, for diverse reasons (none being defensible), consists of registering domain names that evoke established brands and may potentially lead visitors astray. The objective is generally to take advantage of these visitors, or to simply sell the domain name to the company that owns the targeted brand.

By its nature, typosquatting is, like other forms of social engineering, often linked to these motives.

2. A variety of motives

Monetizing typos

If a website has a lot of visitors, it is more than likely that the typing of its address generates a lot of errors, and enough to guarantee that a non-negligible amount will be sent to a specific page. Though today the domain name “gogle.com”  belongs to Google, it was not always the case, as for a time, it sent visitors to a porn website.

This is the same idea that a certain Alf Temme had back in 2010, when he purchased 25 domain names that were spelling variations of hotmail.com, with all of them leading visitors to an advertisement for a fitness plan. Sued by Microsoft, Alf Temme took an interesting line of defense: if a real-estate developer decided to build a hotel next to Disneyland, could they be accused of “property-squatting”? The success of Hotmail created a lot of traffic for “neighboring” domain names, and Mr. Lemme had every intention of profiting from it (spoiler: that line of defense didn’t work).

Poaching potential customers

A very simple way to present this type of situation would be to imagine an online store purchasing all the domain name typos of its biggest competitor, and routing the traffic from those to their own site.

Without necessarily being a direct competitor of the one whose domain name was misused, a cybersquatter could count on this diverted traffic to display affiliated advertisements that might satisfy customers.

However this practice could be even more subtle: taking advantage of affiliate programs put in place by the clothing brand, Land’s End, certain people registered numerous variations of the brand’s name, and forwarded them to their own websites, which then sent the visitors to Land’s End. The consumers eventually arrived at the website that they wanted, because these intermediaries only got payment by the affiliate program. Land’s End had a problem with this, however, and decided to take legal action to stop this in 2016.

Obtain information

Typosquatting is, however, mainly a technique that is used for phishing: whether it is to make the sender address of a fraudulent email appear credible and authentic, or to give the illusion that a login page is trustworthy, there are some that don’t hesitate in using a domain that inspires confidence. It is common for commercial brands, and even more so for services that involve money transfer to have to deal with this sort of thing. In 2020,  a study was made to search for all the domains that attempted to masquerade as one of PayPal’s domain names. In all, at least 64 of these domain names were found by Typosquatting Data Feed, such as paypal-team, mypaypal, paypal-support, etc., and in various extensions such as .com, .site, .info, .website…

With this type of scam it is possible to change the destination of wire transfers, but also more generally to intercept logins, passwords, bank account information, or any other type of personal data.

3. Prejudice for targeted businesses

Whatever the motive of these practices may be, we can rather easily understand that typosquatting is above all a danger for the user who is sent, in the best case, to an unscrupulous competitor, and in the worst case, to the clutches of a fraudulent system designed to abuse their confidence and steal their data. The prejudice can also affect the brand whose name was misused as well.

A loss of profit

A successful typosquatting operation often means a loss of revenue for the business which is a victim. Visitors are redirected away from their initial destination, and as potential customers, they might not return.

Eroded confidence

In addition to the loss of potential customers, another consequence of this rerouting of visitor traffic is the deterioration of the image of the company’s brand. No company wants to be associated with phishing activity, forwarding to advertisements, or data being stolen by third parties. It is easier for the victim of the phishing to think that the problem was with the security of the website and not their own lack of vigilance.

A serious menace for security

This type of social engineering may also affect a company’s employees and have dramatic consequences, such as the interception of financing funds as was the case for a start-up in 2019, which was victim of a phishing attack worthy of a Hollywood film.

Against typosquatting, better to act than react

1. Anticipate the typosquatting

Domain name choice

When choosing your domain name, don’t make a target of yourself for this sort of menace: chose a domain that is short, simple, unambiguous and easy to spell. Avoid hyphens, and try to make it such that it is spelled as it is pronounced. Short and simple, and also easy to memorize and share orally: these tips are valid for both the promotion of your brand, but also its protection in the face of the typosquatting menace.

The defensive strategy of your domain name portfolio

You can also prevent a lot of the typosquatting by registering the domain names that would be susceptible of being confused with yours. Similar to a strategy of “defensive” domain name registration, you can anticipate the spelling errors of people before someone else does and uses it to their benefit. “Facebok” is currently a possible variation of the domain name of this popular social media network for this reason.

2. Identify the typosquatting

Since it would be impossible to cover all of the possible variations of a domain name, and in all of the main TLDs within a domain name portfolio, monitoring services exist for this purpose.

This is notably provided by Gandi as part of Gandi Corporate Services. Each brand can be specifically monitored such that its owner can be quickly alerted to the presence of problematic domains, including typosquatting attempts. To do this, Gandi’s teams have put in place a detection mechanism that is constantly on the lookout for spelling variations around a given domain name such as:

  • the exact spelling but with just one letter added or removed,
  • a variant of the name but with one word added,
  • a variation that looks the same but isn’t (for ex. playing with replacing characters such as 0 for O etc.)

Other types of brand impersonation could be identified daily, such as the brand name being used as just a subdomain.

As soon as a registration occurs which could be considered as typosquatting, the owner of the brand who subscribed to this service is informed of this, and can then take appropriate action as necessary.

3. Responding to the typosquatting menace

These actions can be a bit more complex than they appear, since concretely, from a legal point of view, typosquatting is not forbidden per se, rather, it is the use that is made of the domain which is problematic.

Domain name monitoring

When a trademark holder is warned that a domain name has been registered which is susceptible of causing confusion with their name, they can take action within their company to prevent possible identity theft internally, for example by the carrying out of fraudulent wire transfers, of the “president scam” type. The company could, for example, block the suspicious domain name in the company’s email servers so that any emails sent from that domain would not reach their intended recipients.

Additionally, it would be a good idea to see how the domain name is being used, and to take action if, for example, a counterfeit website is created.

Compliance verification

For its part, Gandi can carry out the data verification of this suspicious registration, if it was made via its services, or request this verification from the registrar in question if its not the case. In the event that the registration information is false, the litigious domain name may be suspended by the the Abuse team of the registrar.

Defend your trademark via arbitration

Finally, if the holder of the domain name that could be considered as typosquatting has not committed an illicit act, and if it was correctly registered with its registrar, the company who wants to defend their trademark had the possibility of launching a special arbitration procedure.

ICANN has created Uniform Domain-Name Dispute Resolution Policy (UDRP) which exists to handle such issues. A jury is set up and called upon to settle the dispute over the name, based on various criteria such as: the risk of confusion with a registered trademark, the interest that the incriminated website may have to use that domain name in particular, as well as any good or bad faith. This UDRP arbitration may, after about a two-month process, result in a decision in favor of the plaintiff and lead to the restitution of the domain names in question.

Other procedures exist, and are sometimes unique to a given registry. For example, AFNIC, who is notably in charge of .fr domains, has made a tool called  Syreli, available to brands that is simple and rapid to use and can result in the deletion of a domain name as opposed to, say, an owner change.

Conclusion: typosquatting is a real threat to your business

This practice is detrimental to users, who risk, just because of carelessness, being confronted by risks far more serious than landing on a website other than the one they intended. However typosquatting is also a threat to trademarks and their holders. It is therefore crucial to anticipate these risks and, as the case may be, take appropriate measures to assert your rights. For this, please don’t hesitate to contact Gandi Corporate Services and take action to fight against these practices.