Typosquatting, also known as URL hijacking, is an opportunistic cybercrime that capitalises on internet users making typing errors when inputting a website address. Its methodology is strikingly simple yet deceptively effective. Threat actors create and register domains similar to popular websites but with common typographical errors to exploit unsuspecting users who mistype URLs.
The technique is similar to lookalike domains. But unlike lookalike domains—in which attackers register domains that look confusingly similar to those of trusted brands—typosquatting tries to cash in on users’ clumsiness with their keyboard.
Typosquatting has been instrumental in executing phishing attacks, spreading malware and committing brand infringement, among other illicit activities. For example, the infamous 2016 U.S. election hacking incident was partially attributed to typosquatting, illustrating its potential as a tool for political manipulation.
In an era where cybersecurity is paramount, understanding and countering typosquatting is critical. Beyond understanding the definition of typosquatting, this article delves into its intricacies, different types and preventive measures to protect against typosquatting.
Typosquatting vs. Cybersquatting: What’s the Difference?
Understanding the dynamics of cybersquatting and typosquatting is crucial to recognise their unique threats and devise effective countermeasures. While both exploit domain name systems for malicious gains, their strategies set them apart.
Typosquatting, as outlined earlier, is a technique where criminals create and register domains that mimic popular websites but with slight typographical alterations. The aim is to direct users who mistyped URLs to these fraudulent sites. Typosquatters often leverage common typographical errors, such as omissions (e.g., “gogle” instead of “google”), transpositions (“gogole” instead of “google”), or incorrect TLDs (e.g., “.cm” instead of “.com”).
Cybersquatting, on the other hand, is registering domain names that are identical or strikingly similar to well-known brands or trademarks to profit from them. Cybersquatters primarily exploit the first-come, first-served nature of domain registration. They often sell the domain to the rightful brand owner at an inflated price or use the domain’s likeness to a popular brand to attract traffic and generate ad revenue.
Statistically, both practices represent significant cyber threats. A 2019 study by Palo Alto Networks revealed that around 13,857 typosquatting domains targeted the top 500 most-visited websites worldwide. Meanwhile, the World Intellectual Property Organization (WIPO) reported 5,423 cybersquatting cases in 2022 alone. These figures reinforce the need for vigilance and robust cybersecurity measures to counter these ever-evolving threats.
In all these scenarios, once users land on the typosquatted website, they might face various security threats, from phishing attempts and malware downloads to intrusive advertising. Users often don’t realise they’re on a fraudulent site, particularly if the typosquatter has mimicked the legitimate site’s appearance. This makes typosquatting a subtle yet potent cybersecurity threat.
Types of Typosquatting
While typosquatting broadly refers to the practice of registering misspelled domain names, there are several types, each with its distinct objectives. Here’s an overview of the most common types:
As with most phishing schemes, this form of typosquatting is used primarily to steal sensitive user data. Once users land on the typosquatted site, they’re asked to enter personal or financial information (such as login credentials or credit card numbers). The site’s design is often convincingly similar to the legitimate site, making it difficult for users to recognise the deception.
In this type, typosquatted sites are used as a platform to install malware on users’ devices. Once a user lands on the site, they could unwittingly download harmful software, which might then steal data, corrupt files, or take control of the device.
The primary objective here is to generate ad revenue. The typosquatted site is usually filled with advertisements; the typosquatter earns money every time a user sees or clicks on one of these ads. While not as immediately damaging as other types, advert typosquatting can still be a nuisance and lead to wasted time and resources.
Reputation Damaging Typosquatting
Damaging the reputation of a legitimate site is the goal here. The typosquatted site typically contains harmful or negative content associated with the legitimate brand, thus tarnishing its image in the eyes of users who land on the site.
Sale of Typosquatted Domain
In some cases, typosquatters register misspelled domain names to sell them to the legitimate site owner at an inflated price. While annoying, this is more of an opportunistic tactic and usually doesn’t harm users directly.
Traffic Diversion Typosquatting
Here, the goal is to divert traffic from the legitimate site to a competitor’s site. Users who mistype the URL are redirected to the competitor’s site, giving it additional traffic and potentially taking business away from the legitimate site.
These types of typosquatting illustrate the diverse ways this technique can be employed for malicious ends. Each poses unique risks that require specific preventive measures to mitigate potential harm.
These real-world examples demonstrate typosquatting’s varied forms and objectives, from financial gain to spreading misinformation.
The potential harm caused by typosquatting is vast, emphasising the importance of both robust cybersecurity measures and user education in recognising and avoiding these threats.
How to Protect Against Typosquatting
The dangers posed by typosquatting necessitate taking proactive steps to defend against it. Here are some measures both individuals and organisations can employ:
- Double-Check URLs: Always double-check the URL you’ve typed before hitting enter, especially when visiting sites where you’ll be entering personal or financial information.
- Use Bookmarks: For frequently visited websites, especially those related to banking, email, or shopping, use bookmarks to avoid typing the URL.
- Install Security Software: Use comprehensive security software that warns about unsafe websites and blocks malicious downloads.
- Update Browser Security Settings: Most modern web browsers’ security settings can warn you about suspicious websites. Ensure these settings are activated and kept up-to-date.
- Be Sceptical of Unsolicited Communication: Be wary of unsolicited emails or messages with web links, even if they seem to be from reputable companies. If unsure, contact the company directly through their official contact channels to verify.
- Register Common Misspellings of Your Domain: Proactively register domain names that are common misspellings or typos of your domain. These can then redirect users to your correct site, protecting them from potential harm and ensuring you don’t lose traffic.
- Monitor for Typosquatted Domains: Use domain monitoring services to alert you when domains are registered that closely resemble your own. This allows for quicker response times in addressing potential threats.
- Employ Legal Measures: If a typosquatted domain is discovered, consider legal action to regain control of the domain. This can be complex and time-consuming but is often necessary to protect your brand.
- Implement Domain-based Message Authentication, Reporting and Conformance (DMARC): DMARC can help prevent email spoofing, protecting your customers and brand from phishing attempts.
- Educate Your Customers: Make your customers aware of the dangers of typosquatting and provide them with tools and knowledge to ensure they access your genuine site.
Protection against typosquatting requires a combination of technological solutions, legal action, and user awareness. By proactively addressing this threat, individuals and organisations can greatly reduce the risks posed by typosquatting.
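The monitoring step above can be made concrete with a small triage script. This is an added example, not Proofpoint's code or part of the original article: it classifies domains from a feed against one protected domain using the typo classes named earlier (omission, transposition, incorrect TLD) and generalises to insertion and substitution. The function names and the sample feed are assumptions constructed for illustration, and the script assumes inputs are registrable domains with a single-label TLD.

```python
# Added example: classify observed domains against one protected domain.
# Omission, transposition and wrong TLD come from the article; insertion and
# substitution are an added generalisation to all single-edit typos.

def split_domain(domain):
    """Split 'label.tld' into (label, tld); assumes a single-label TLD."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    return label, tld

def label_typo(real, seen):
    """Return the single-edit typo class turning `real` into `seen`, or None."""
    if len(seen) == len(real) - 1:
        if any(real[:i] + real[i + 1:] == seen for i in range(len(real))):
            return "omission"
    elif len(seen) == len(real) + 1:
        if any(seen[:i] + seen[i + 1:] == real for i in range(len(seen))):
            return "insertion"
    elif len(seen) == len(real):
        diff = [i for i in range(len(real)) if real[i] != seen[i]]
        if len(diff) == 1:
            return "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and real[diff[0]] == seen[diff[1]]
                and real[diff[1]] == seen[diff[0]]):
            return "transposition"
    return None

def classify(protected, observed):
    """Classify one observed domain relative to the protected domain."""
    p_label, p_tld = split_domain(protected)
    o_label, o_tld = split_domain(observed)
    if o_label == p_label:
        # Same name: exact match is benign, any other TLD is flagged.
        return None if o_tld == p_tld else "wrong-tld"
    return label_typo(p_label, o_label)

def triage(protected, feed):
    """Return {domain: typo_class} for feed entries that resemble typos."""
    return {d: k for d in feed if (k := classify(protected, d))}

# Constructed sample feed standing in for a new-registration list; not real data.
SAMPLE_FEED = ["gogle.com", "gogole.com", "google.cm", "google.com",
               "googgle.com", "goofle.com", "example.org"]

if __name__ == "__main__":
    for domain, kind in triage("google.com", SAMPLE_FEED).items():
        print(f"{domain:15} {kind}")
```

Flagged entries are candidates for review, defensive registration or takedown requests; a match on string similarity alone does not show that a domain is malicious.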
How Proofpoint Can Help
Navigating the digital landscape can be treacherous, given the evolving threat of typosquatting. Proofpoint offers comprehensive solutions to protect organisations and their customers from this and other cyber threats.
Proofpoint’s Domain Discover provides robust domain monitoring services. It helps you identify malicious domains registered by typosquatters, safeguarding your brand from impersonation and fraud. It provides real-time alerts, allowing you to take swift action against suspicious domains that pose a risk to your organisation or your customers.
Furthermore, Proofpoint’s Digital Risk Protection solution offers advanced protection that goes beyond the traditional perimeter. It comprehensively monitors for typosquatted domains, fake mobile apps, fraudulent social media accounts, and more. By ensuring continuous and extensive digital protection, Proofpoint helps prevent threats before they can cause harm.
To address the threat of email spoofing associated with typosquatting, Proofpoint’s Email Fraud Defense uses DMARC to authenticate the sender’s identity, protecting you and your customers from phishing scams.
Cybersecurity is not a one-and-done solution but an ongoing process. That’s why Proofpoint continuously innovates to stay ahead of the latest threats, providing you with the peace of mind to conduct your business securely and confidently. For more information, contact Proofpoint or learn more about Proofpoint’s solutions.