Nadine Wolff
published on: 17.08.2017
Typosquatting - The Devil is in the Details
One of the oldest tricks on the Internet is typosquatting: the deliberate registration of misspelled versions of website addresses. In this article, we'll explain what you need to watch out for while surfing the web and what you can do if your website has fallen victim to typosquatting.
Many internet users manually enter web addresses into their browsers. All it takes to end up on a site of potential fraudsters, instead of the desired website, is a wrong character in the URL. At first glance, the false redirection is not immediately apparent, as the pages often copy the layout and corporate design. Even the company logo is often forged, which is sometimes only recognizable at second glance.
Dangerous Typos
Anyone who has typed a web address into the browser in a rush has probably left out the "c" in ".com" at some point. The resulting web address ends in ".om", which is the top-level domain of the state of Oman. Thousands of well-known web addresses have been registered due to this potential "typo."
Users can mistype a web address in several ways:
• Omitting a letter, e.g., facbook (facebook)
• Swapping letters, e.g., goolge (google)
• Doubling a letter, e.g., wikiipedia (wikipedia)
Cybercriminals specialize in various fraud methods. One method is bitsquatting. In this case, a typo with the adjacent key on the keyboard becomes a pitfall, e.g., eikipedia.de. Another common method is using numbers in the domain that closely resemble letters, e.g., ber1iner-sparkasse.
Fig.1 Example: Typo in URL
Websites that ask users to provide personal data and banking information are very frequently victims of illegal schemes. PayPal is one example. Domains are created that look very similar to the legitimate URL, for example paypal.com.paypal. In the hope that inattentive users will not notice the suffix at the end of the domain, the user is redirected to an external URL where they then enter their username and password. This is the goal of cybercriminals.
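The typo forms described above can be recognised mechanically when reviewing hostnames seen in logs or registration feeds against your own domain. The following Python code is an added example, not part of the original article; the function names, the QWERTY layout, the digit lookalike map and the rule that a registrable domain is its last two labels are assumptions made for illustration.

```python
# Added example; layout, lookalike map and the two-label domain rule are assumptions.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]          # QWERTY letter rows
LOOKALIKE = {"1": "il", "0": "o", "3": "e", "5": "s"}  # digit -> letters it resembles

def neighbours(ch):
    """Keys next to `ch`, using simple column alignment between rows."""
    out = set()
    for r, row in enumerate(ROWS):
        c = row.find(ch)
        if c >= 0:
            for near in ROWS[max(r - 1, 0):r + 2]:
                out.update(near[max(c - 1, 0):c + 2])
    return out - {ch}

def classify_label(cand, brand):
    """Return the typo form that turns `brand` into `cand`, or None."""
    n = len(brand)
    if len(cand) == n - 1 and any(brand[:i] + brand[i + 1:] == cand for i in range(n)):
        return "omitted letter"
    if len(cand) == n + 1 and any(cand[i] == cand[i + 1] and cand[:i] + cand[i + 1:] == brand
                                  for i in range(n)):
        return "doubled letter"
    if len(cand) != n:
        return None
    diff = [i for i in range(n) if cand[i] != brand[i]]
    if (len(diff) == 2 and diff[1] == diff[0] + 1
            and cand[diff[0]] + cand[diff[1]] == brand[diff[1]] + brand[diff[0]]):
        return "swapped letters"
    if len(diff) == 1:
        c, b = cand[diff[0]], brand[diff[0]]
        if b in LOOKALIKE.get(c, ""):
            return "lookalike digit"
        if c in neighbours(b):
            return "adjacent key"
    return None

def classify(host, protected):
    """Classify `host` against `protected` (e.g. 'paypal.com'); None means no match."""
    host, protected = host.lower().rstrip("."), protected.lower()
    if host == protected or host.endswith("." + protected):
        return None                                  # the real domain or its own subdomain
    if "." + protected + "." in "." + host:
        return "real domain used as prefix"          # e.g. paypal.com.paypal
    rest, _, host_tld = host.rpartition(".")
    sld = rest.rsplit(".", 1)[-1]                    # label directly left of the TLD
    brand, tld = protected.rsplit(".", 1)
    if sld != brand:
        return classify_label(sld, brand)            # typo in the name itself
    form = classify_label(host_tld, tld)             # same name, e.g. ".om" for ".com"
    return form + " in TLD" if form else None
```

Run over the article's own examples, `classify` returns a label for each of them and `None` for the genuine domain and its subdomains.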
Legal Basis
Typosquatters are not only known for registering misspelled web addresses for malicious activities. A commonly used scam is to make a brand name part of the web address. Malicious intent on the part of the owner of the false address is to be expected here. This can be challenged legally, and doing so is in the interest of your users.
The registration of commonly misspelled websites and redirecting the faulty traffic to a legitimate website is completely legal and a common practice, especially among competitors of major brands.
Protect Yourself from Typosquatting
We recommend that you pay attention to your behavior online and not press enter too quickly when entering web addresses. Make sure to avoid spelling mistakes when entering the URL in the browser and ensure that everything is spelled correctly, including the top-level domain (TLD).
If it’s a website you visit frequently, create a bookmark or shortcut for future visits.
If you are uncertain about the spelling of a web address, enter it into the browser without ".com" (or another TLD) so that it becomes a Google search. The Google autocorrect, page-ranking algorithm, or "Did you mean?" feature will likely direct you to a legitimate page.
The best way for companies to protect themselves against typosquatting is to register the misspelled versions themselves and redirect the traffic to the correct address. Popular websites like Facebook or Google have registered misspelled versions of their website, thus naturally gaining a significant advantage from typos in their URLs.
Facebook, for example, deliberately registers misspelled versions of its website, like "facebok.com" and "facbook.com", which capture users and redirect them to the correct address.
What Can We Do for You?
The rule is: stay alert when surfing the Internet. Take a close look at the URLs. Surf with awareness and stay vigilant online. Be sure to only click on external links from trusted websites.
If you need help detecting suspected typosquatting registrations of your website or want to set up redirects for other domains, please contact us.
As a long-time expert in SEO (and web analytics), Nadine Wolff has been working with internetwarriors since 2015. She leads the SEO & Web Analytics team and is passionate about all the (sometimes quirky) innovations from Google and the other major search engines. In the SEO field, Nadine has published articles in Website Boosting and looks forward to professional workshops and sustainable organic exchanges.