Basics of Typosquatting and URL Hijacking

Typosquatting (also referred to as URL hijacking or using a fake URL) is a form of cybersquatting in which an individual sets up a website that incorporates one of several typographical errors typically made when Internet users type a website address. Typosquatters most often take advantage of four common typographical mistakes:

1. A common misspelling or foreign language spelling;

2. A misspelling based on typing errors, such as leaving out a letter;

3. A slightly different phrase, such as adding an “s” onto a word; and

4. A different top-level domain, such as “.org” instead of “.com”.

Typosquatters then use those mistakes to their own advantage, often for personal gain. Some common uses of mistaken domain names include: trying to sell the domain name to the original brand owner; passing off the website as part of the branded entity; making money with pay-per-click revenues; redirecting to a competitor; and participating in malicious activities (intercepting passwords, installing malware, etc).

A 2011 study found that 80% of all mistyped domains led to websites that were somehow associated with malicious intent on the part of the typosquatter. The study, by Sophos, looked at six domain names: Facebook, Google, Twitter, Microsoft, Apple, and Sophos. The study then analyzed websites that incorporated three simple typographical mistakes: omitting one letter; mistyping one letter; and adding one-letter.

Based upon the study, Sophos found that the mistyped domain names that were used most frequently were associated with those companies that were high profile and had websites that were commonly viewed. The study found that the percentage of active domains with the most common mistyped domain names were as follows:

Apple 86%

Google 83%

Facebook 81%

Twitter 74%

Microsoft 61%

Sophos 16%

The study found that the highest proportion of mistyped domain names – 15% – led Internet users to advertising sites. Another 12% of the websites were related to IT and hosting websites. 2.7% of the websites were considered cybercrime, meaning that they were at some point associated with hacking, phishing, online fraud, or spamming. Another 2.4% of the websites had adult content or were dating sites.

Sophos also found that the company being imitated had an impact on the type of activity on the typosquatter website. Apple, for example, had a larger percentage of bait-and-switch attempts with iTunes. One company used a pair of domain names that appeared to offer iTunes software downloads but instead enticed consumers to pay $0.99 for “unlimited downloads” – in actuality, technical help forums regarding downloading audio and video files.

In contrast, Google was the most commonly abused brand, in which third parties provided search pages and presented sponsored links as part of the search results.

Companies are taking typosquatters seriously and are fighting back, both through administrative proceedings and the legal system. Some companies, such as Lego, use the Uniform Domain Name Dispute Resolution Policy (UDRP) proceedings to file cases with the World Intellectual Property Organization (WIPO) against typosquatters. In fact, by 2011, Lego had spent approximately $500,000 in various UDRP proceedings against 309 typosquatters.

Facebook, on the other hand, sought protection in the California court system. As a result of its lawsuit, in 2013, Facebook was awarded almost $2.8 million in damages against several typosquatters who had registered 105 domains, including gacebook.com, gfacebook.com, and faacebok.com. Additionally, the offenders had to turn over the domain names to Facebook.

Typosquatting is potentially a simple way to make a profit from Internet users who mistype a domain name. Such practices will likely continue unless companies take proactive steps to monitor and quickly shut down typosquatters through administrative and legal proceedings. More information about preventing typosquatting can be found at the Firm’s domain name litigation services page.