News & Events

Typosquatters are leading innocent victims astray

Alert
11.01.2021

shift and enter keyboardTyposquatting takes advantage of an inclination among internet users known as “fat fingers” — a tendency to hit the wrong keys and enter misspelled trademarks or brands. Like phishing, typosquatting is a type of social engineering that tricks people into visiting websites they didn’t intend to visit. These schemes can harm both consumers and the businesses whose names are abused.

Connection to cybersquatting

Typosquatting is connected to cybersquatting, where someone registers a site’s domain name that includes a trademark and then tries to profit by selling that name to the trademark owner. With typosquatting, fraudsters register URLs that are common misspellings of company and brand names. For example, a bad actor might register landswnd.com and lnadsend.com. Then, when users try to visit the site of retailer Lands’ End but mistype the name, they may end up on a fake site that looks like the real one. Other human errors, such as typing the wrong URL extension (.com instead of .org) or omitting punctuation marks such as hyphens, can also work to typosquatters’ advantage.

According to Palo Alto Networks’ Unit 42 research, the most commonly targeted sites include Netflix, Microsoft, Facebook and PayPal. But any business can be vulnerable to this type of fraud.

Valuable information 

The goal often is to divert users away from competitors or draw traffic to their own sites (often pornography or dating sites). The greatest risk for users is that they’ll be diverted to a site where they’re induced to enter login information or download malware. Resulting identity theft can make big money for fraud perpetrators.

Typosquatting can also be used for corporate espionage. In one case, a law firm sued a programmer who had obtained a domain name similar to its own, except for a minor typo. The law firm alleged that the defendant had used his doppelgänger domain name to create fake email accounts and intercept email sent to the firm.

Protect online assets

To protect your business from typosquatting schemes, routinely check mistyped versions of your URL. If you find a questionable site, try to contact the domain name owner. The owner may have an innocent explanation. But if you believe the owner has malicious intent, you may want to file a complaint using the Uniform Domain-Name Dispute-Resolution Policy (UDRP) or pursue litigation.

Jump to Page

Boyer & Ritter LLC Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek