So, you’ve registered your ideal domain name, and it perfectly sums up what you’re all about. However, when you’re first establishing your online brand, there are a number of other things you need to consider.
Did you ever think about what happens when someone accidentally misspells your domain in their browser address bar? Often enough, it’s a simple ‘this site can’t be reached’ message. But occasionally, it can be something far more sinister.
What is typosquatting?
Typosquatting, also known as URL hijacking or ‘brandjacking’, is a form of domain squatting or cybersquatting. Essentially, typosquatting is where one party registers a domain with the sole intention of denying it to another organisation or individual, who might naturally want it for themselves. The domain squatter snaps up a trademark or name that they know will be in demand, putting them in a position to sell it to the other party at a later date, at a grossly inflated price of course.
The ‘typo’ in typosquatting refers to those tiny mistakes we all make when hammering away at a keyboard. The squatter will intentionally register domains with slight variations on an existing web address in a bid to pick up the traffic of all those sloppy typists.
For example, maybe you’re so excited to visit favouritewebsite.com you typed favouritewebiste.com instead. If this URL is in the hands of a domain squatter, you’ll be redirected to a completely different site. But for what purpose? The motivations behind typosquatting come in all manner of nefarious shapes and sizes.
Types of typosquatting
The end goals of typosquatting can vary, from the simple objective of selling the domain at a jacked-up price, to monetising the traffic received using ads or affiliate links, or even redirecting you to a competitor. Here are the most common types of typosquatting to be aware of:
1. Holding domains to ransom
As mentioned above, one of the simplest potential aims of a typosquatter is to register a very similar domain to an existing popular brand in order to ‘hold it to ransom’ and sell it back to the brand at a grossly inflated price. This usually involves common misspellings or variations that are very similar to the brand name, which means that consumers could easily think that it’s the real brand at first glance. Therefore, to protect their brand reputation, businesses will often try to get control of this domain variation first, and typosquatters exploit this.
2. Monetising traffic
Either instead of or in addition to trying to sell the domain back to the original brand, typosquatters may also decide to monetise the traffic they get on this domain by plastering the site with ads and affiliate links. To encourage visitors to click on links, typosquatters will often create fake versions of the original websites (brandjacking), luring users into a false sense of security.
Not only can this tactic be used to generate revenue through advertising, but it can also have more nefarious purposes. These links can be used to redirect users to malicious websites or trick them into downloading malware onto their devices, which we’ll discuss in more detail below.
3. Malware and phishing
More malicious typosquatting has seen the use of brandjacking to replicate a target site and phish for personal login data. And at its most serious, typosquatting can be used to infect the unluckiest bad spellers with malware-riddled webpages.
One study discovered that 18.59% of squatting domains are malicious, which is defined as “often distributing malware or conducting phishing attacks”. Some typosquatters are very good at mimicking legitimate websites, tricking users into submitting sensitive information in payment gateways or in sign-up forms. These phishing and malware attacks enable hackers to use people’s bank details or sell their personal information to nefarious individuals or businesses on the internet.
4. Counterfeit sales
Some of these typosquatted and brandjacked websites do actually sell products, but they’re counterfeit or poor-quality knock-off products with a huge markup. This enables typosquatters to make money more easily by tricking consumers into thinking their products are the real deal, and the knock-on effect is that this damages the legitimate brand’s reputation.
5. Corporate sabotage
Whilst this tactic shouldn’t be used by morally upstanding businesses, some unethical business owners will deliberately register domain name typos of their competitors in order to siphon their web traffic. If there are lots of common typos or variations of the competitor’s brand name, these bad actors could potentially steal a lot of traffic using this tactic. And as long as their typosquatting efforts don’t constitute copyright infringement, there may not be a lot the victim can do legally.
6. Spam emails
Registering a domain typo also allows these cybersquatters to send spam emails from the typosquatted domain. If consumers don’t check their emails thoroughly, they could easily think that a spam email comes from a legitimate source, and therefore trust it enough to click on malicious links or submit personal information.
Examples of typosquatting cases
Some very high-profile victims of typosquatting cases include celebrities like Paris Hilton and Jennifer Lopez, where users were redirected to typosquatting sites that then bombarded them with affiliate links.
Even big brands have been forced to take typosquatting seriously. For example, Google has secured gogle.com and googel.com to ensure slips of the keyboard don’t send users off course from their search engine.
One of the most bizarre typosquatting cases occurred in the early 2000s when Microsoft delivered a cease-and-desist order to Canadian teen Mike Rowe, after he thought it would be funny to add ‘soft’ to the end of his part-time website design business' domain name, MikeRoweSoft, and then initially refused to change it.
More recently, typosquatting has been used to spread so-called ‘fake news’ by presenting false news stories in links that at first glance appear to be from legitimate news outlets. This is only made more dangerous by social media, where this kind of information can quickly go viral, spreading the links to potentially millions of users. Typosquatting can also be used to damage people’s or brands’ reputations for political purposes – for example, during the 2020 US election, a report found more than 500 typosquatted domains related to candidates. Similar threats were identified ahead of the 2024 US election, and online misinformation continues to be a major concern for governments around the world.
How does typosquatting work?
Typosquatting is actually a relatively simple process. The cybersquatters will go after likely typos for the website in question, common misspellings and other slight variations on an existing domain name. This might mean adding a hyphen here or repeating a character there, but the end result is the creation of a typosquatting site that’s close enough to a real domain name to pick up a high volume of web traffic.
Another common typosquatting tactic is to use alternative domain extensions or top-level domains (TLDs) that are dangerously close to a legitimate URL. For instance, a squatter might register the .co equivalent of an existing .com domain. Certain country code top-level domains like .cm (Cameroon) or .om (Oman) are also very popular with scammers, for obvious reasons.
But on a lighter note, the power of sloppy typing can be used for good. The charity site c.uk makes use of wildcard subdomains to pick up a large volume of mistyped .co.uk domains and showcases a wide range of real worthwhile causes that visitors can then donate to.
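The slips described in this section (a dropped, repeated, swapped or neighbouring-key character, a stray hyphen, a lookalike TLD) can be enumerated for a domain you own, giving you a list to register or monitor. This is an added example, not Fasthosts' code; the function names and the .co.uk row of the TLD table are assumptions.

```python
# Added example (not Fasthosts' code): list typo variants of a domain you own.
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
# .com swaps are the ones named in the article; the .co.uk row is an assumption.
LOOKALIKE_TLDS = {"com": ["co", "cm", "om", "co.uk"], "co.uk": ["com", "co"]}


def adjacent_keys(ch):
    """Keys directly left and right of ch on the same QWERTY row."""
    for row in QWERTY_ROWS:
        i = row.find(ch)
        if i != -1:
            return [row[j] for j in (i - 1, i + 1) if 0 <= j < len(row)]
    return []


def typo_variants(domain):
    """Map each candidate lookalike of `domain` to the slip that produces it.

    Assumes `domain` is a registrable name with no subdomain, e.g. 'google.com'.
    """
    name, _, tld = domain.lower().partition(".")
    found = {}

    def add(candidate, kind):
        # Skip the real name and labels that DNS would reject (edge hyphens).
        if candidate and candidate != name and candidate.strip("-") == candidate:
            found.setdefault(f"{candidate}.{tld}", kind)

    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:], "omission")
        add(name[:i] + ch + name[i:], "repetition")
        for key in adjacent_keys(ch):
            add(name[:i] + key + name[i + 1:], "adjacent-key")
        if i + 1 < len(name):
            add(name[:i] + name[i + 1] + ch + name[i + 2:], "transposition")
        if i > 0 and ch != "-" and name[i - 1] != "-":
            add(name[:i] + "-" + name[i:], "hyphen")
    for alt in LOOKALIKE_TLDS.get(tld, []):
        found.setdefault(f"{name}.{alt}", "tld-swap")
    return found


if __name__ == "__main__":
    for candidate, kind in sorted(typo_variants("fasthosts.co.uk").items()):
        print(f"{kind:14} {candidate}")
```

Even a short name produces dozens of candidates, so the output is best used to prioritise which variants to register and which to simply watch.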
Is typosquatting legal?
Unfortunately, the answer to this question is yes, and no. Obviously, phishing and malware scams are crimes, but simply registering an available domain isn’t illegal. However, there may be some legal repercussions if consumers could potentially be duped or confused by a domain very similar or almost identical to an existing name or trademark. In other words, the law is on your side if any typosquatting cases constitute trademark infringement.
Of course, the law depends on your physical location. While the US has specific legislation in the form of the Anticybersquatting Consumer Protection Act (ACPA) of 1999, in the UK, typosquatting can only be countered via existing trademark and intellectual property law.
Short of the courtroom, there are also services offered by the Internet Corporation for Assigned Names and Numbers (ICANN) and domain registries like Nominet to settle arguments over who has the legitimate claim to any potential typosquatting sites.
While legal mechanisms and dispute resolution processes are certainly valued, they can also consume a significant chunk of money, time, and effort. This may not be an issue for large multinational brands and celebrities, but more often than not, prevention is better than the cure, especially if you're a small business owner.
How to prevent typosquatting cases
So, if typosquatting isn’t always illegal, what can you do to protect your brand? Here’s how to prevent typosquatting on your domain:
1. Identify potential targets
Website operators need to be proactive to identify likely targets for typosquatting and secure them as quickly as possible. It might be as simple as typing out your domain as fast as you can, seeing what the most likely mistakes are, and then registering them. If someone is told your domain verbally, are there any obvious ways they could mishear it? Note these down and then register them as well.
2. Keep your domain name simple
To reduce the chances of misspellings and misheard domains in the first place, it’s best to choose a simple, recognisable and easy-to-spell brand name when you’re initially registering a domain. Choosing anything overly complex will only increase the number of potential misspellings and variations you can have, making it harder (and more expensive) for you to find and buy all of these domains.
When possible, it’s also best to avoid special characters like hyphens in your domain name, as these can easily cause confusion when people forget to include them or add them in the wrong place. For more tips on registering the most secure, optimised and catchy domain, check out our article on how to choose a domain name.
3. Register multiple TLDs
As explained earlier, a common typosquatting tactic is to register alternative domain extensions or TLDs. So, if you have a .com domain, a typosquatter could register the .co.uk version or .co version, for example. When registering domain name typos, don’t forget to also register TLD variations, paying attention to commonly used ones like the Cameroon and Oman country codes.
4. Monitor domain registrations
ICANN’s Trademark Clearinghouse is a database of registered trademarks you can use to monitor how your names are used with different domains. By regularly checking this database, you can keep an eye on how names that are similar to your brand are used, helping you anticipate potential typosquatting attacks.
5. Report typosquatters
If you do end up being targeted by typosquatters, it’s best to be as proactive as possible and immediately report this to ICANN and/or the domain’s registrar. Hopefully, the registrar will take the domain down, but if they don’t, you can send a cease-and-desist letter to the typosquatters. If you need to pursue further legal action, you will need to enlist the help of your legal team or hire a lawyer for this process.
If the typosquatting case constitutes copyright infringement, you may have more luck getting the site taken down. Plus, if you’re successful with taking on typosquatters, other cybercriminals may be more hesitant to target your business in the future. However, the legal process can get very expensive, so it’s always best to prevent typosquatting in the first place by following the tips above.
6. Educate site users
Make sure you raise awareness of typosquatting in your team and among your customers to prevent them from getting scammed, as this can severely damage your brand’s cybersecurity and reputation. Emphasise the importance of being careful when typing domains, and advise them to rely on search engines and bookmarks where possible (which are often quicker and easier to use anyway). Users should also keep an eye out for any dodgy links in emails and social media posts, and install antimalware software if they can afford to. On top of this, users should always make sure their browsers, apps, and operating systems are as up-to-date as possible.
To prevent hijacking of the Fasthosts brand, we've made sure to register ourselves at fastgosts.co.uk, fasthost.co.uk, fathosts.co.uk, and many more domains, all of which will redirect you to fasthosts.co.uk.
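For the monitoring tip above, the reverse check is useful: given domains seen in, say, email sender addresses or a feed of new registrations, flag those within one edit of your own name. This is an added example, not Fasthosts' code; the observed list is constructed, the owned set repeats the three domains named above, and the function names are assumptions.

```python
# Added example (not Fasthosts' code): flag lookalikes among observed domains.
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring characters typed in the wrong order cost 1.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def flag_lookalikes(own, observed, owned=(), max_distance=1):
    """Return (domain, reason) pairs for observed domains that imitate `own`.

    Assumes every entry is a registrable domain with no subdomain. `owned`
    holds typo domains you registered yourself, which are ignored.
    """
    own = own.lower()
    own_name, _, own_tld = own.partition(".")
    skip = {own} | {d.lower() for d in owned}
    hits = []
    for raw in observed:
        domain = raw.lower().rstrip(".")
        if domain in skip:
            continue
        name, _, tld = domain.partition(".")
        dist = osa_distance(own_name, name)
        if dist == 0 and tld != own_tld:
            hits.append((domain, "same name, different TLD"))
        elif 0 < dist <= max_distance:
            hits.append((domain, f"name differs by {dist} edit(s)"))
    return hits


# Constructed sample input, e.g. sender domains pulled from a mail log.
OBSERVED = ["fasthosts.co.uk", "fastgosts.co.uk", "fashtosts.co.uk",
            "fasthosts.co", "fasthosst.com", "fastboats.co.uk", "example.org"]
OWNED = {"fastgosts.co.uk", "fasthost.co.uk", "fathosts.co.uk"}  # from the article

if __name__ == "__main__":
    for domain, reason in flag_lookalikes("fasthosts.co.uk", OBSERVED, OWNED):
        print(f"{domain}: {reason}")
```

Keeping max_distance at 1 avoids flagging unrelated names such as the constructed fastboats.co.uk, which is two edits away; shorter brand names need this tighter limit more than long ones.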
An SSL certificate is also an excellent way to reassure users that you’re definitely who you say you are when they arrive on your website, especially in light of recent changes to how HTTPS sites are displayed in web browsers.
If you need to register several domains to secure your brand online, you’ve come to the right place. At Fasthosts, we offer a full range of domain registration services, from established, widely popular domain extensions like .co.uk and .com, to highly descriptive new domain extensions like .blog and .club. Plus, we offer a free domain transfer service for existing domains, so you can easily switch to Fasthosts for the best prices and Web Hosting services.
Choose from a huge selection and get your preferred domains at outstanding prices. Everything can be managed from our user-friendly control panel, with free email forwarding, advanced DNS control, and 24/7 customer support.
Our team at Fasthosts can also provide you with WordPress Hosting and email services to put your new domain to work.