Typosquatting protection means protecting yourself from who takes advantage of typing errors made while inputting an Internet address. If you mistype the name of a domain or website, you risk ending up in a page that includes malicious code, with serious consequences. In this article we find out how you can protect yourself from this.
1. What does typosquatting mean?
Typosquatting, also called “URL hijacking”, is today considered by all means a social engineering attack that exploits human error. Indeed, Internet users often commit typing mistakes (from where the word “typo”) while directly inputting a domain name into the address bar of the navigation browser. If users don’t notice the error and directly access the website, they may end up in something very dangerous. Indeed, by accessing the website, you risk inadvertently downloading a malware, or trojan, or falling prey to a phishing attempt and having to pay the expensive consequences.
Typosquatting has existed for as long as the web itself has, hence since 1989, and it found an especially fertile land during the initial years. Over the 90s, indeed, to navigate on the web and reach an Internet website it was necessary to remember its name, because search browsers didn’t exist yet. In the second half of those years the first search engines were born and finally, in 1998, Google arrived. But, even if it is easier to reach a website by typing its name in the search bar, cybersquatting, of which typosquatting is a typical example, is still an issue today.
Cybersquatting, also known as “domain squatting”, is the technique used to register domains and build the relative websites, or also just some webpages, with malicious aims. Before the world got organized and ruled over the jungle of domain name registration, whoever could register a domain that reminded, for example, of a specific brand.
2. Famous examples of cybersquatting
So, for example, a user could end up on armani.it but what he would find there was the website of a rubber-stamp company, not the one of the popular fashion brand. The story of Luca Armani from Treviglio in the Italian province of Bergamo and of his Internet website has gone viral. In this case, the entrepreneur had no intention whatsoever to deceive those who wanted to take a look at the latest pieces created by King George and actually ended up on his website. Simply, he managed to register his domain “armani.it” before Armani could think about it.
The matter was legally solved and it became known as one of the numerous precedents which demanded the introduction of an international authority that could safeguard examples from different types of cybersquatting. Examples that, over the 90s, aimed especially to resell at super high prices the registered domain name that could be of interest to a vendor. So, in 2003, the era of “first come, first served” came to an end, practically matching the domain name to the name of a brand: registering a website as armani.it would be possible and authorized only if the owner was Giorgio Armani.
A case of proper fraud is Moncler which, not having registered domain names with all possible variations of moncler.com, had to request an international investigation against a group of Chinese individuals who were selling fake parkas on a website whose name was deemed too similar to the official one. The one by Moncler is a typical case of cybersquatting.
As mentioned above, typosquatting is a form of cybersquatting. Hence, the realization of a website with malicious aims and with a domain name that is slightly different from the “official” one’s. For example, substituting a letter in the official domain name. The substantial difference between the two types is that with typosquatting the users risks consequences even just by simply accessing the fake website. On the other hand, the Cybersquatting that addressed you to a fake Moncler website, which maybe includes ad hoc advertising on other websites and even Google Ads, requires users to process their purchases on a voluntary basis. And generally you end up buying a fake, receiving nothing and seeing your credit card getting empty in a matter of minutes. Another case of cybersquatting that made the headlines was the sale of fake Ray Ban glasses on websites advertised by Facebook.
Today, typosquatting is not such a widespread technique anymore, but there are still cases. The reason is usually that users, out of laziness, type the name of the website they want to reach directly on the bar of the search engine. This explains why Facebook and Youtube are the most searched words on Google. And, if a user writes Facebook in the wrong way, hence with a typo, Google itself will correct it. Vendors as well have looked for solutions: today, many register tens of TLDs (Top Level Domains) similar to the official one and redirect you automatically. You can try! For example, try typing facebok.com with just one “o”, you’ll be automatically redirected to the correct website.
Automatic filters that prevent typosquatting are also more and more often included in the DNS resolution services offered by Internet access suppliers. For this reason, if you want to look for an example, it is easier to try with your smartphone. The virtual keyboard of a smartphone, moreover, makes it easier to type a letter wrong. Try only to substitute C with X (two close letters on the keyboard) in chase.com and see what happens when you land on xhase.com.
What happens? A rapid redirection towards a range of websites that have been purposely realized to spread advertising. In this way, those who registered those domains and set up the redirection will monetize even just thanks to the fact that you are watching the ads, and even more if you try and click on them. This “harmless” cybersquatting technique is a real business that, over the years, has made several people billionaires.
>> FlashStart protects you from a wide range of threats and prevents access to malicious websites ? Start your free trial now
3. Why is typosquatting dangerous?
Typosquatting can have several aims. As we stated in the Moncler case, you can set up a fake online shop and sell counterfeit goods. Or also monetize exclusively from the traffic obtained, or be even meaner with the unfortunate users.
A fake website can require you to insert your credit card details or other private information. Or else you can input a malicious code that the user will inadvertently download after clicking on the link available on the website. And, once the code gets automatically installed in the user’s device, a trojan could be checking all your activity, stealing confidential information and registering what the user is typing.
Or still, malware or ransomware could get installed, which freezes all the data included in the device and unblocks them only after you’ve paid the ransom. To sum it up, typosquatting has different consequences and it is important to know them in order to activate adequate typosquatting protection.
4. Typosquatting protection, how to protect yourself from url errors
So, how can you activate a typosquatting protection? The first piece of advice is to trust Google and always search the website you want to reach through a search engine. Then, if you save it among your favorites, when you next access it you will automatically see the correct name of the domain in the address bar of the browser.
Other protection forms include always making sure that the website url starts with “https”, which grants, somehow, safe transactions. In this way, the credit card data will be protected. And, finally, pay maximum attention to the links you receive via email, chat or text message. It is very important to always control the url before clicking on it (generally you will see it in the bottom-left corner of the browser window when you pass over it with the mouse). And the same goes for the email address of a message sender.
Be careful, however, because typosquatting specialists often play with our eyes. It may happen that the url we read is much more similar to the one we expect (intesasanpOlo.com instead of intesasanpaolo.com) and the game is easily played. Furthermore, it may happen that, once you click in good faith on the url, you will end up on a perfectly equal page to the one of the real website. Very often, these fake websites are uncovered because their language is not so correct, but a careful eye might be needed to identify this.
The best piece of advice, in the end, is to use a navigation protection service like the DNS filterr by FlashStart on all the used devices. Thanks to the very wide net of databases of dangerous websites (blacklists), which is accesses in real time by FlashStart, the user will always be granted that he will not end up in a malicious website and, moreover, FlashStart will protect the navigation of the youngest and most vulnerable users.
Indeed, DNS filters like the one by FlashStart prevent navigation towards websites deemed dangerous for all reasons (pornography, pedophilia, malware, fraud, phiching, etc.): better give them some thought, with a unique solution you can solve several problems, included typosquatting protection.
>> FlashStart is leader in competitiveness ? Request prices
You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks.