A current report recently published an alarming number: In 2018, users “accidentally” visited CM websites such as itunes.cm or espn.cm and thus came across the website of subtle fraudsters. Among others, it was Netflix and Citibank. They fell victim to .OM Typosquatters. By accidentally omitting the “c”, a large number of users were directed to websites trying to install malicious malware.
In this article we explain how dangerous a harmless typo can be. We also provide an overview of the legal situation and suitable strategies for brand protection on the Internet.
What is Typosquatting?
Simply put, Typosquatting means registering typo domains. With type quatting, fraudsters consciously register domains that are very similar to known web addresses and only differ in terms of a typo, a spelling error or a wrong domain ending. In the example above, the web address itunes.cm was registered by a typosquatter and anyone who had forgotten the ending “o” when typing the domain name in the browser ended up unsuspecting on the wrong website. A small mistake brought the fraudster a lot of traffic that he could exploit for his abusive machinations.
How does typosquatting work?
Typosquatting, also called URL hijacking or brandjacking, is made possible by typing or spelling errors in the domain name. If a user makes a mistake while typing the domain and does not notice this, he unintentionally ends up on the wrong website. The owner of this domain now receives the traffic that the trademark owner of a known domain is entitled to.
A typosquatting case became internationally known for the first time in 2006. Back then, the Typosquatters had their sights on the Google.com website. Examples of typosquatting domains are e.g. URLs like Foogle.com, Hoogle.com, and Voogle.com. Since the letters F, H and V are right next to the G on the keyboard, the typing error happens quickly and the typosquatter (= owner of the fraudulent domain) automatically receives visits from Internet users who have tried to reach Google.com.
What types of typosquatting are there?
In the following, we show different types of typosquatting and illustrate them with examples. These examples are purely fictional! In reality, large companies like Apple or Google have of course long since taken up the fight against typosquatters and registered typical typo and spelling error domains themselves or had them blocked by a special ICANN service.
- Typing error: Anyone who is in a hurry while surfing the World Wide Web will know how quickly the classic typo can happen. This is especially true for people who write blindly or who like to rely on the auto-correction function. Well-known web addresses such as www.apple.com quickly www.aple.com, www.appoe.com or www.aoole.com.
- Spelling mistakes. But the sloppy spelling is not always to blame when a user ends up on the wrong website. Many web addresses are simply misspelled out of ignorance. So really not everyone knows that Apple is written with “LE” in the back. Very often you write what you speak and the web address is www.appel.com. Another example is www.zapos.com instead of www.zappos.com
- Wrong domain ending. In recent years, more and more new top-level domains have been added. The next round is due in 2019. This also increases the likelihood of this type of typosquatting. The fraudsters are specifically looking for known brand domains in combination with unoccupied endings. A typosquatting case would be www.nike.online or www.nike.live. But the most popular would be www.nike.co. By combining the brand name with the Colombian top-level domain .co, numerous Internet users who accidentally forgot the last letter of the most common TLD .com could be intercepted.
- Alternative spellings. Alternative spellings of services, brand names or product names such as www.sychology.com instead of www.psychology.com or www.filosophy.com instead of www.philosophy.com are also likely to mislead users.
- Hyphen domains. This is either about omitting or adding a hyphen to lead the traffic to your typo domain in an unauthorized manner. For example, someone could register www.mercedesbenz.com and get some audience of the official www.mercedes-benz.com site.
- Completion of well-known brand domains. If common brand domains are supplemented with suitable words, a serious-sounding web address is quickly created. Let’s look at Amazon as an example. The result is websites like www.amazonstore.com, which sound right but have nothing to do with the brand owner and could be used for the distribution of advertising or malware.
- Prepending www. Also a typosquatting, but very original: the prefix of three Ws in front of the actual domain name. Since the explicit entry of the www. in the browser line can be omitted, entering wwwgoogle.com leads to the wrong homepage. A small, forgotten point can lead to a lot of trouble.
What are the dangers of typosquatting?
What exactly makes typosquatting dangerous? It’s simple. Nobody registers a domain with the typo or spelling errors mentioned above for fun. Typosquatters mostly have criminal intentions and try to make a profit with the Typosquatting domains. In the case of the aforementioned Google typosquatting from 2006, for example, the fraudsters sent malware downloads to unsuspecting visitors.
Typosquatting is not only a danger for users but also brand owners. The latter lose valuable traffic and thus sales through typo domains. Damage to the image cannot be ruled out either.
Here is a list of possible intentions of typosquatters:
- Phishing. The aim of such a typosquatting website is data theft. E.g. Collected email addresses that can be sold for big bucks. The contents of such phishing websites are e.g. Surveys, raffles or gift campaigns. More broadly, phishing means the gathering of personal information and associated identity theft. The fraudsters are primarily interested in sensitive user data, such as Credit card numbers aside. This allows you to completely bankrupt your account without being noticed. To get to this sensitive user data, the original websites are often forged 1 to 1.
- Domain parking. The Typosquatters take advantage of the desperation of the brand owners. They register typosquatting domains and then try to sell them to brand owners at completely inflated prices.
- Counterfeit products. The aim here is to imitate the brand owner’s real website as faithfully as possible and to use it to successfully market counterfeit products.
- Tapping traffic. Typo domains are a quick and easy way to get traffic as an unknown company. Your products are then marketed on the Typo website and supposedly good promotional offers are advertised.
How is cybersquatting different from typosquatting?
Typosquatting is often equated with domain squatting. However, this is not entirely true. Because while Typosquatting relies on typing or spelling errors, the so-called cybersquatters register or use domain names that they are not entitled to.
Definition of cybersquatting
The term cybersquatting means the improper registration of domain names that contain legally protected terms – e.g. Brand names, protected product names, company names or the names of well-known persons.
The cybersquatters intend to sell these domains as high-priced as possible to the actual rights holder – i.e. the company, the brand owner or the person. In fact, many companies are willing to pay thousands of euros for these “fake” URLs. Because only by purchasing this domain can you prevent future abuse. Since the URL hijacker only pays a few euros to register the domain, cybersquatting is often very profitable for him.
History of cybersquatting
The word cybersquatting includes the term “squatter”. This term was first used in 1788 for a squatter – a person who uses someone else’s property even though he or she has neither the right to do so nor pays rent for it. To describe a similar situation on the World Wide Web, the term squatter was supplemented by the word “cyber”. A cybersquatter is therefore a person or a company that “occupies” a domain, although they have no rights to do so.
One of the earliest legal references to cybersquatting is a lawsuit between Avery Dennison Corporation and d Jerry Sumpton in 1998. Jerry Sumpton had registered the domain names www.avery.net and www.dennison.net that were identical to plaintiff Avery Dennison’s two trademarks. Also, Jerry Sumpton had around 12,000 other domains registered for cybersquatting.
The judge, in this case, made it clear at the time: “The defendants are so-called cybersquatters. They have registered over 12,000 internet domain names. And not for their own use, but solely to prevent the actual rights holder from registering these domains. And like all cybersquatters, the defendants try to make a profit with this abuse by offering the domains to the brand owners at increased prices.”
Measurable sales losses from typosquatting
In a report, FairWind Partners examined the connection between typosquatting and the decline in sales of the companies concerned. The report made it clear that typosquatting can cause immense damage. The value of traffic to the abusive typo domains was estimated to be over $ 50 million. Not included, because it is difficult to quantify, are negative consumer experiences, the loss of image and the lost trust.
Where do most squatting cases occur?
Almost a third of all cybersquatting cases are counted in the banking and finance, fashion, internet and IT sectors.
Cybersquatting disputes relating to new generic top-level domains (New gTLDs) account for more than 12% of cases.
In the USA, France, UK, Germany and Switzerland, most of the domain legal proceedings were reported to the WIPO. The clear front runner is the USA.
The legal situation with typosquatting
Typosquatting violates trademark law in the USA. Trademark protection is regulated in this “Anticybersquatting Consumer Protection Act”. If a domain name is registered whose wording corresponds to or is similar to a protected trademark, the rights of the trademark owner are infringed in most cases. If this is the case, he can assert injunctive relief.
The law against unfair competition (UWG) can also be used for typosquatting.
What can you do as a user against typosquatting?
- Do not call up the website by entering the domain name directly in the browser line, but enter the name in a search engine. The real pages usually rank significantly higher than the fake pages.
- As soon as you have visited a real website, bookmark it and only use your bookmarks in the future.
- Use voice input (e.g. Siri) to avoid typing errors.
- Never click on links that you cannot trust 100 percent; e.g. from questionable emails, SMS, messaging services or social networks
- Do not open any questionable email attachments.
- Use antivirus software to protect your PC against malware and ransomware.
What can a website owner do against typosquatting?
- Register important and obvious typo domains yourself and redirect these domains to the correct domain without spelling mistakes.
- In addition to the .com extension, register other relevant top-level domains such as .net, .shop or .web to prevent them from being registered by cybersquatters.
- Register alternative spellings of your domain name. E.g. www.fotography.com, www.photografy.com, www.fotografy.com.
- Register variants with and without a hyphen.
- Use anti-spoofing technology.
- Use secure email gateways.
- Inform your customers and users about possible phishing attacks.
- Have your accounts verified on social media and notify users accordingly.
- Secure your website with suitable SSL certificates.
- Use other trust elements on your website to increase the trust of your visitors in your company and your website.
- Register your brand name with the Trademark Clearinghouse (TMCH) and also use the ICANN Trademark Registry Exchange Service (TREx). Unauthorized domain registrations of typosquatters and cybersquatters are blocked – both during the sunrise phase and beyond.
- Also, enter a brand-related term in the Domains Protected Marks List (DPML) of the Donuts Registry. In addition, over 200 new TLDs with this brand name will also be blocked after the sunrise phase.