A recently published report revealed an alarming number: In 2018, users “accidentally” visited .cm websites such as itunes.cm or espn.cm and thus came across the websites of subtle fraudsters. Netflix and Citibank, among others, fell victim to .om typosquatters: by accidentally omitting the “c”, many users were directed to websites trying to install malware.
In this article, we explain how dangerous a harmless typo can be. We also provide an overview of the legal situation and suitable strategies for brand protection on the Internet.
Simply put, typosquatting means registering typo domains. With typosquatting, fraudsters deliberately register domains that are very similar to known web addresses and differ only by a typo, a spelling error, or a wrong domain ending. In the example above, the web address itunes.cm was registered by a typosquatter, and anyone who forgot the “o” in the ending when typing the domain name in the browser unsuspectingly ended up on the wrong website. A small mistake brought the fraudster a lot of traffic he could exploit for his abusive machinations.
Typosquatting, also called URL hijacking or brandjacking, is made possible by typing or spelling errors in the domain name. If a user makes a mistake while typing the domain and does not notice this, he unintentionally ends up on the wrong website. The owner of this domain now receives the traffic that the trademark owner of a known domain is entitled to.
A typosquatting case became internationally known for the first time in 2006. Back then, the Typosquatters had their sights on the Google.com website. Examples of typosquatting domains are, e.g. URLs like Foogle.com, Hoogle.com, and Voogle.com. Since the letters F, H, and V are right next to the G on the keyboard, the typing error happens quickly, and the typosquatter (= owner of the fraudulent domain) automatically receives visits from Internet users who have tried to reach Google.com.
In the following, we show different types of typosquatting and illustrate them with examples. These examples are purely fictional! In reality, large companies like Apple or Google have, of course, long since taken up the fight against typosquatters and registered typical typo and spelling error domains themselves or had them blocked by a special ICANN service.
- Typing error. Anyone in a hurry while surfing the World Wide Web will know how quickly the classic typo can happen, especially people who touch-type or rely on the auto-correction function. Well-known web addresses such as www.apple.com quickly become www.aple.com, www.appoe.com, or www.aoole.com.
- Spelling mistakes. However, sloppy spelling is not always to blame when a user ends up on the wrong website. Many web addresses are simply misspelled out of ignorance. Not everyone knows that Apple is written with “LE” at the end. Very often, people write what they speak, and the web address becomes www.appel.com. Another example is www.zapos.com instead of www.zappos.com.
- Wrong domain ending. In recent years, more and more new top-level domains have been added. The next round is due in 2019. The considerable amount of new TLDs also increases the likelihood of this type of typosquatting. The fraudsters are specifically looking for known brand domains in combination with unoccupied endings. A typosquatting case would be www.nike.online or www.nike.live. But the most popular would be www.nike.co. By combining the brand name with the Colombian top-level domain .co, numerous Internet users who accidentally forgot the last letter of the most common TLD .com could be intercepted.
- Alternative spellings. Alternative spellings of services, brand names, or product names, such as www.sychology.com instead of www.psychology.com or www.filosophy.com instead of www.philosophy.com are also likely to mislead users.
- Hyphen domains. Here, a hyphen is either omitted or added to divert traffic to the typo domain without authorization. For example, someone could register www.mercedesbenz.com and capture visitors intended for the official www.mercedes-benz.com site.
- Completion of well-known brand domains. If common brand domains are supplemented with suitable words, a serious-sounding web address is quickly created. Let’s look at Amazon as an example. The result is websites like www.amazonstore.com, which sound right but have nothing to do with the brand owner and could be used to distribute advertising or malware.
- Prepending www. This is also typosquatting, but a very original form: the three Ws are prefixed directly to the actual domain name. Since the browser lets you omit the explicit “www.” in the address bar, entering wwwgoogle.com leads to the wrong homepage. A small, forgotten dot can lead to a lot of trouble.
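As an added example (not part of the original article), the following Python code labels an observed domain with the typosquatting types listed above, relative to a protected brand domain, for instance when reviewing proxy logs or lists of newly registered domains. The function names, the QWERTY adjacency rule and the edit-distance threshold of 2 are assumptions; the sample domains are the article's fictional examples.

```python
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumption: QWERTY layout
def neighbours(ch):
    """Keys next to `ch`: same row plus the rows above and below."""
    for r, row in enumerate(ROWS):
        if ch in row:
            c = row.index(ch)
            near = set(row[max(c - 1, 0):c] + row[c + 1:c + 2])
            for other in ROWS[max(r - 1, 0):r] + ROWS[r + 1:r + 2]:
                near |= set(other[max(c - 1, 0):c + 2])
            return near
    return set()

def osa(a, b):
    """Edit distance: insert, delete, substitute, swap of adjacent letters."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def classify(candidate, brand):
    """Typosquatting type of `candidate` relative to `brand`, or None."""
    c_name, _, c_tld = candidate.lower().rstrip(".").partition(".")
    b_name, _, b_tld = brand.lower().partition(".")
    if c_name == b_name:
        return "wrong domain ending" if c_tld != b_tld else None
    if c_name == "www" + b_name:
        return "prepended www"
    if c_name.replace("-", "") == b_name.replace("-", ""):
        return "hyphen domain"
    if c_name.startswith(b_name) or c_name.endswith(b_name):
        return "brand completion"
    diffs = [(c, b) for c, b in zip(c_name, b_name) if c != b]
    if len(c_name) == len(b_name) and len(diffs) <= 2 and all(
            c in neighbours(b) for c, b in diffs):
        return "typing error (adjacent key)"
    if osa(c_name, b_name) <= 2:  # assumed threshold; noisy for short names
        return "spelling error or omission"
    return None

# The article's fictional examples: (observed domain, protected domain).
SAMPLES = [("foogle.com", "google.com"), ("appel.com", "apple.com"),
           ("nike.co", "nike.com"), ("mercedesbenz.com", "mercedes-benz.com"),
           ("amazonstore.com", "amazon.com"), ("wwwgoogle.com", "google.com")]
for seen, brand in SAMPLES:
    print(f"{seen:20} {classify(seen, brand)}")
```

Inputs are registrable domains without a leading “www.”; the same labels can drive a watchlist for the defensive registrations recommended later in the article.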
What exactly makes typosquatting dangerous? It’s simple. Nobody registers a domain with the typos or spelling errors mentioned above for fun. Typosquatters mostly have criminal intentions and try to make a profit with the typosquatting domains. In the case of the above-mentioned Google typosquatting from 2006, for example, the fraudsters sent malware downloads to unsuspecting visitors.
Typosquatting is not only a danger for users but also for brand owners. The latter lose valuable traffic and thus sales through typo domains. Damage to the image cannot be ruled out either. Here, we see the importance of full domain protection as part of a comprehensive online trademark strategy. By proactively registering variations of their domain, companies can prevent typosquatters from capitalizing on these common mistakes, thereby safeguarding their brand and their customers’ security.
Here is a list of possible intentions of typosquatters:
- Phishing. The aim of such a typosquatting website is data theft. For example, they collect email addresses that can be sold for big bucks. The contents of such phishing websites are surveys, raffles, or gift campaigns. More broadly, phishing means the gathering of personal information and associated identity theft. The fraudsters are primarily interested in sensitive user data, such as credit card numbers. Such data allows them to completely drain your account without being noticed. To get to this sensitive user data, the original websites are often replicated one-to-one.
- Domain parking. The Typosquatters take advantage of the desperation of the brand owners. They register typosquatting domains and then try to sell them to brand owners at completely inflated prices.
- Counterfeit products. The aim here is to imitate the brand owner’s real website as faithfully as possible and to use it to market counterfeit products successfully.
- Tapping traffic. Typo domains are a quick and easy way for an unknown company to get traffic. Its own products are then marketed on the typo website, and supposedly favorable promotional offers are advertised.
Typosquatting is often equated with domain squatting. However, this is only partially true. While Typosquatting relies on typing or spelling errors, the so-called cybersquatters register or use domain names to which they are not entitled.
The term cybersquatting means the improper registration of domain names that contain legally protected terms:
- brand names
- protected product names
- company names
- or the names of well-known persons
The cybersquatters intend to sell these domains as high-priced as possible to the actual rights holder. It can be the company, the brand owner, or the person. Many companies will pay thousands of euros for these “fake” URLs. Only by purchasing this domain can you prevent future abuse. Since the URL hijacker only spends a few euros to register the domain, cybersquatting is often very profitable.
The word cybersquatting includes the term “squatter”. This term was first used in 1788 for a squatter – a person who uses someone else’s property even though they have neither the right to do so nor pay rent. To describe a similar situation on the World Wide Web, the term squatter was supplemented by the word “cyber”. A cybersquatter is, therefore, a person or a company that “occupies” a domain, although they have no rights to do so.
One of the earliest legal references to cybersquatting is a lawsuit between Avery Dennison Corporation and Jerry Sumpton in 1998. Jerry Sumpton had registered the domain names www.avery.net and www.dennison.net, which were identical to plaintiff Avery Dennison’s two trademarks. Jerry Sumpton had also registered around 12,000 other domains for cybersquatting.
The judge, in this case, made it clear at the time: “The defendants are so-called cybersquatters. They have registered over 12,000 internet domain names. And not for their use but solely to prevent the actual rights holder from registering these domains. And like all cybersquatters, the defendants try to make a profit with this abuse by offering the domains to the brand owners at increased prices.”
In a report, FairWind Partners examined the connection between typosquatting and the decline in sales of the companies concerned. The report made it clear that typosquatting can cause immense damage. The value of traffic to the abusive typo domains was estimated to be over $50 million. Not included, because it is difficult to quantify, are negative consumer experiences, the loss of image, and the lost trust.
Almost a third of all cybersquatting cases are in the banking and finance, fashion, internet, and IT sectors.
Cybersquatting disputes relating to new generic top-level domains (New gTLDs) account for more than 12% of cases.
In the USA, France, UK, Germany, and Switzerland, most of the domain legal proceedings were reported to the WIPO. The clear front-runner is the USA.
Typosquatting violates trademark law in the USA. Trademark protection is regulated there in the “Anticybersquatting Consumer Protection Act”. If a domain name is registered whose wording corresponds to or is similar to a protected trademark, the rights of the trademark owner are infringed in most cases. If this is the case, the trademark owner can assert injunctive relief.
The law against unfair competition (UWG) can also be used for typosquatting.
- Do not call up the website by entering the domain name directly in the browser line, but enter the name in a search engine. The actual pages usually rank significantly higher than the fake pages.
- As soon as you have visited a real website, bookmark it and only use your bookmarks in the future.
- Use voice input (e.g., Siri) to avoid typing errors.
- Never click on links you cannot trust 100 percent (from questionable emails, SMS, messaging services, or social networks).
- Do not open any questionable email attachments.
- Use antivirus software to protect your PC against malware and ransomware.
- Register important and obvious typo domains yourself and redirect these domains to the correct domain without spelling mistakes.
- In addition to the .com extension, register other relevant top-level domains such as .net, .shop, or .web to prevent them from being registered by cybersquatters.
- Register alternative spellings of your domain name. E.g. www.fotography.com, www.photografy.com, www.fotografy.com.
- Register variants with and without a hyphen.
- Use anti-spoofing technology.
- Use secure email gateways.
- Inform your customers and users about possible phishing attacks.
- Have your accounts verified on social media and notify users accordingly.
- Secure your website with suitable SSL certificates.
- Use other trust elements on your website to increase the trust of your visitors in your company and your website.
- Register your brand name with the Trademark Clearinghouse (TMCH) and use the ICANN Trademark Registry Exchange Service (TREx). Unauthorized domain registrations of typosquatters and cybersquatters are blocked – both during the sunrise phase and beyond.
- Also, enter a brand-related term in the Domains Protected Marks List (DPML) of the Donuts Registry. In addition, over 200 new TLDs with this brand name will also be blocked after the sunrise phase.